Ready to do the most impactful work of your career? At Coinbase, we are uncompromising on our mission to increase economic freedom. The bar is high, the environment is intense, and we like it that way. This isn't a place for complacency, it’s a place to be pushed past your perceived limits. If you're ready to build the future of finance alongside people who refuse to settle for "good enough," you belong here. Coinbase is a remote-first, but not remote-only company. Expect to get together quarterly for intense in-person working sessions called “surges.” learn more about working at Coinbase.
At Coinbase, our mission is to increase economic freedom in the world. We want to live in a world where everyone has access to financial services. We are building the cryptoeconomy — a more fair, accessible, efficient, and transparent financial system for everyone.
Coinbase Information Security is looking for a Security Engineer to join the Vulnerability Response (VR) team. This is not a traditional VM role — it is an engineering role embedded in security. You will be building and operating an AI-first vulnerability management platform that handles detection, triage, prioritization, and remediation at the scale and speed Coinbase demands.
The platform you'll work on spans the full VM lifecycle: an AI-powered correlation engine that determines Coinbase's exposure to every critical vulnerability the moment it's published, an automated remediation pipeline that creates fix PRs and engages engineering teams directly, a third-party software risk program that enforces vulnerability policy across thousands of repositories, and a Slack-native interface that puts real-time impact assessments in the hands of every security engineer at Coinbase. You will be writing production code every day — in Go and Python — to make this platform faster, smarter, and more accurate.
What you'll be doing:
- Build and extend AI-powered pipelines that ingest vulnerability intelligence, assess Coinbase's exposure using LLMs, and automatically engage the right teams when impact is confirmed
- Develop and iterate on LLM agents using LangGraph for web research, exploitability assessment, and automated triage — including prompt engineering, agent orchestration, and output validation
- Own features across the full VM platform: correlation engine, automated fix PR generation, third-party package risk enforcement, scanner coverage gap tracking, and the Slack-callable VM agent
- Extend asset inventory coverage by integrating new data sources and improving signal quality across CrowdStrike, FleetDM, Dependency Atlas, AssetIQ, and more
- Run remediation campaigns using data-driven insights to drive consistent, measurable risk reduction across Coinbase engineering
- Use Snowflake and Looker to measure program effectiveness and surface vulnerability risk to engineering leadership and executives
- Collaborate cross-functionally with engineering teams to enforce SLAs, resolve bottlenecks, and deliver a seamless developer experience
What we look for in you:
- 3+ years of experience in security engineering, application security, or a related domain — with a strong software engineering foundation
- Demonstrated ability to write production-quality code; you are comfortable owning features end-to-end in Go or Python
- Experience building with LLMs — prompt engineering, agent frameworks (LangGraph, LangChain, or similar), output parsing, and evaluation
- Proficiency in SQL for data analysis and Snowflake or similar data warehouses
- Hands-on experience with vulnerability management concepts — CVE triage, CVSS/EPSS scoring, exploit maturity assessment
- Ability to work across ambiguous problem spaces and ship iteratively without waiting for perfect requirements
- Strong communication skills to partner with engineering leads on risk-driven prioritization
Nice to haves:
-
Experience with Go in a production backend environment
-
Familiarity with asset inventory platforms — CrowdStrike Falcon, FleetDM, Dependency Atlas, or similar
-
Experience with Redis, Kubernetes, or building job queue / worker pool systems
-
Background in threat intelligence platforms (Flashpoint, Mandiant, or similar)
-
Experience implementing security controls in developer platforms like GitHub Enterprise and Artifactory
-
Application Limit: Candidates may submit a maximum of 3 applications within a 6-month period.
-
Equal Opportunity Employer: Coinbase is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or genetic information. Applicants with criminal histories will be considered consistent with applicable federal, state, and local laws.
-
US Applicants: View Employee Rights, Know Your Rights, and E-Verify Notice of Participation.
-
Accommodations: If you are an individual with a disability who needs a reasonable accommodation, email us your request and contact info at accommodations[at]coinbase.com. Need screen reading technology? Click here to download a free compatible screen reader and view the tutorial.
-
*Data Privacy & Arbitration: By submitting your application, you agree to our Candidate Privacy Notice. US applicants: By submitting your application, you agree to Arbitration of Disputes.
