Ready to be pushed beyond what you think you’re capable of?
At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system.
To achieve our mission, we’re seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company’s hardest problems.
Our work culture is intense and isn’t for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there’s no better place to be.
This is a 12-week internship during summer 2025.
The Security Advisory Services (SAS) team at Coinbase plays a crucial role in ensuring the security and integrity of the company's infrastructure and applications. They are responsible for conducting thorough security reviews of applications, infrastructure, and software as a service (SaaS) solutions. The team operates by integrating secure design principles into the early stages of development and reviewing PRs (Pull Requests) for potential vulnerabilities. For quick consultations and reviews, they also leverage various channels like the Slack bot and integration reviews, ensuring robust security measures are in place across all Coinbase services.
What you’ll be doing (ie. job duties): To be completed by all business teams except Eng.
You will support pen testing including, but not limited to the following: Web applications and apis Web3 (ex: DApp, NFTs etc) Cloud infrastructures (AWS) As a member of the security assessment team, you will assist in the development of frameworks and automated tools to be leveraged during assessments. Support / Contribute to scoping assessments, setup/configuration of test environments and vulnerability remediation testing. You will be responsible for supporting our public Bug Bounty program. This will include, but is not limited to: tiered support, documentation, stakeholder management, risk ranking, on-call rotation and researcher feedback.What we look for in you (ie. job requirements): To be completed by all business teams except Eng.
Programming experience or ability in one of our core languages. At current inventory, we use Ruby (Sinatra & Rails) or Golang, andJavaScript (Server & client flavors). Python experience will be beneficial for automation based project work. You don’t need to be a whiz, but we expect you to be able to perform secure code review of new features and/or services. Exposures to risk and threat modeling methodology. You don’t need to be able to rattle off everything in the CWE as you iterate through STRIDE, but structure and fluidity in your analyses will really help you communicate efficiently across teams. Web Application Security experience. Be it source code audit, penetration testing, bug bounty triage, or code reviews, you’ll be expected to examine code with security critical eyes. Experience in the automation of manual processes. (ex: Python Scripts, Selenium, Playwright, etc) Ability to understand and solve complex problems, which require the ability to work independently and unblock yourself as required. Strong written and verbal communication skills, specifically on security topics. The work our team does is consumed by various cross functional teams and leaders; so being able to effectively communicate will be invaluable in avoiding confusion and providing a poor customer experience.Nice to haves:
Currently pursuing a degree or certificate in a related discipline. Experience working in a high security and/or highly regulated industry. (ex: PCI, SOC, NIST, etc). Experience in applied cryptography and/or cryptographic research. Experience in exploit development and/or security research. Some personal or professional experience with exploitation/auditing in the Web3/crypto space. If you have open source security tooling to your name, we’d love to take a look and understand what problem you are solving and how your solution works. We heavily encourage Open Source contributions!Position ID: P62277
Pay Transparency Notice: Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include target bonus + benefits (including medical, dental, vision and 401(k)).
Pay Range:$50—$50 USDCommitment to Equal OpportunityCoinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the Know Your Rights notice here. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.
Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations[at]coinbase.com to let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here).
Global Data Privacy Notice for Job Candidates and ApplicantsDepending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here. By submitting your application, you are agreeing to our use and processing of your data as required. For US applicants only, by submitting your application you are agreeing to arbitration of disputes as outlined here.