About Pagoda

Pagoda is shepherding a future where NEAR becomes the blockchain operating system. We believe that re-inventing how software is made and distributed is our greatest opportunity to open economic access to those who are not fully integrated into the global economy. Our products empower people to find opportunity, invent new experiences, and collaborate. Let's build an Open Web world. A world where people control their assets, data, and power of governance.

About The Role

Pagoda’s growing security team is looking for an experienced Senior Application Security Engineer to focus on the advancement of modern application security practices and partner closely with our engineering and product teams to provide security recommendations and identify security issues throughout the software development lifecycle. This includes secure design reviews, threat modeling, secure code review, and penetration testing.

This team member will be responsible for the security and integrity of our applications, possessing a deep understanding of software vulnerabilities and the ability to develop effective security solutions. This role requires a strong technical background, excellent problem-solving skills, and the ability to collaborate with cross-functional teams to implement robust security measures.

What You'll Be Doing

Support the Pagoda Software Development Lifecycle as an application security subject matter expert through design review, threat modeling, code review, and penetration testing
Collaborate and advise engineering teams on application security best practices and vulnerability remediation
Perform deep-dive security reviews to ensure all Pagoda products and services following secure design principles across our product portfolio (web, mobile, and APIs)
Create and deliver hands-on software security training to engineering teams to increase security awareness
Participate in on-call rotation to support engineering teams during incidents
Role activities:
- Manual source code review
- Adhoc Pen Testing
- WebApp/dApp PenTesting
- Secure program design and implementation review
- Threat modeling
- Continuous secure assurance activities
- Risk identification and categorization / management
- Engineering education and engagement
- Ownership of internal SAST/DAST toolset[s]

What We're Looking For

8+ years of experience in application security
Has set up or helped guide the creation of an Application Security program from scratch.
Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
Familiarity with modern SAST/DAST tooling. Snyk and Stackhawk are important.
Ability to review and dissect a Bug Bounty submission. Craft a fix and work with appropriate teams to implement
Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
Familiarity with and ability to understand business objectives, business context, and security risk
Proven ability to communicate effectively with developers

We'd Love If You Have

A passion for security and Web3
Strong Linux skills
Experience in building lasting connections with development teams
Experience in a startup environment
Professional certifications e.g. CISSP
Familiarity with using one or more programming/scripting languages (e.g., Python, Java, etc.)

Here’s What Our Interview Process Looks Like

Our interviews take place via Zoom and typically consists of the following stages:

Recruiter Call
Hiring Manager Call
1st Round
- Bug Bounty Interview
- Technical Assessment with Engineering
Final Round
- Meet with CTO
- Pagoda Values Interview

Compensation

The base salary range for this role is $176,000 - $200,000. This reflects the minimum and maximum range across all US locations. This does not include bonus, incentives, or benefits.

The actual base pay is dependent upon many factors, such as: leveling, relevant skills, and work location. If you are based outside of the US, there are other geographic considerations that may impact your final compensation. Your recruiter can share more about the compensation and benefits applicable to your preferred location during the hiring process.

Benefits & Perks

Encouraged 20 days of flexible PTO per year, plus your local holidays
Wellness weeks – 2 weeks of paid company-wide closures
100% Paid medical, dental and vision, AD&D and life insurance for US employees, including 85% coverage for dependents, and HSA + FSA options; For non-US employees, 100% Paid private medical coverage available at the highest tiered plan
Access to licensed therapists and mental health resources through Spill, 100% confidential and paid by Pagoda; plus $75 monthly reimbursement for wellness
Generous parental leave options; All employees have access to $10,000 in fertility assistance through Carrot
For US employees, 401(k) retirement plan available (no match)
Annual company retreats and team offsites (2023 was in Spain; 2022 in Portugal)
$2,000 Continued Education Reimbursement
$2,000 Home Office Reimbursement
Co-working Space Reimbursement

Our Values at Pagoda

Our values express our company culture. Learn more on our careers page.

Pagoda is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, or other legally protected status.

Apply for this Job

* Required

First Name *

Last Name *

Email *

Phone

Location (City) *

Resume/CV *

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

Cover Letter

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

GitHub

Website

Why are you interested in working at Pagoda and the blockchain space? *

Would you require visa sponsorship to work in the country in which this position is based? *

If you answered yes to the above, please provide more information.

How did you hear about Pagoda/this job? *

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in NEAR’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Gender

Are you Hispanic/Latino?

Please identify your race

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Veteran Status

Voluntary Self-Identification of Disability

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or serious difficulty hearing
Diabetes
Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
Epilepsy or other seizure disorder
Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
Intellectual or developmental disability
Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
Missing limbs or partially missing limbs
Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
Partial or complete paralysis (any cause)
Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
Short stature (dwarfism)
Traumatic brain injury

Disability Status

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Our system has flagged this application as potentially being associated with bot traffic. Please turn off any VPNs, clear your browser cache and cookies, or try submitting your application in a different browser. If this issue persists, please reach out to our support team via our help center.

Please complete the reCAPTCHA above.