CAREERS

This is a 12-week internship during summer 2025.

The Security Advisory Services (SAS) team at Coinbase plays a crucial role in ensuring the security and integrity of the company's infrastructure and applications. They are responsible for conducting thorough security reviews of applications, infrastructure, and software as a service (SaaS) solutions. The team operates by integrating secure design principles into the early stages of development and reviewing PRs (Pull Requests) for potential vulnerabilities. For quick consultations and reviews, they also leverage various channels like the Slack bot and integration reviews, ensuring robust security measures are in place across all Coinbase services.

What you’ll be doing (ie. job duties): To be completed by all business teams except Eng.

• You will support pen testing including, but not limited to the following:
• Web applications and apis
• Web3 (ex: DApp, NFTs etc)
• Cloud infrastructures (AWS)
• As a member of the security assessment team, you will assist in the development of frameworks and automated tools to be leveraged during assessments.
• Support / Contribute to scoping assessments, setup/configuration of test environments and vulnerability remediation testing.
• You will be responsible for supporting our public Bug Bounty program. This will include, but is not limited to: tiered support, documentation, stakeholder management, risk ranking, on-call rotation and researcher feedback.

What we look for in you (ie. job requirements): To be completed by all business teams except Eng.

• Programming experience or ability in one of our core languages. At current inventory, we use Ruby (Sinatra & Rails) or Golang, andJavaScript (Server & client flavors). Python experience will be beneficial for automation based project work. You don’t need to be a whiz, but we expect you to be able to perform secure code review of new features and/or services.
• Exposures to risk and threat modeling methodology. You don’t need to be able to rattle off everything in the CWE as you iterate through STRIDE, but structure and fluidity in your analyses will really help you communicate efficiently across teams.
• Web Application Security experience. Be it source code audit, penetration testing, bug bounty triage, or code reviews, you’ll be expected to examine code with security critical eyes.
• Experience in the automation of manual processes. (ex: Python Scripts, Selenium, Playwright, etc)
• Ability to understand and solve complex problems, which require the ability to work independently and unblock yourself as required.
• Strong written and verbal communication skills, specifically on security topics. The work our team does is consumed by various cross functional teams and leaders; so being able to effectively communicate will be invaluable in avoiding confusion and providing a poor customer experience.

Nice to haves:

• Currently pursuing a degree or certificate in a related discipline.
• Experience working in a high security and/or highly regulated industry. (ex: PCI, SOC, NIST, etc).
• Experience in applied cryptography and/or cryptographic research.
• Experience in exploit development and/or security research.
• Some personal or professional experience with exploitation/auditing in the Web3/crypto space.
• If you have open source security tooling to your name, we’d love to take a look and understand what problem you are solving and how your solution works. We heavily encourage Open Source contributions!

Position ID: P62277