Job Description

Key purpose:

The main focus of this role will be to shift left with security and to aid in the empowerment of engineers in becoming application security champions. This includes using a specialised skill set to design and automate continuous security testing at all pre-deployment stages (where applicable), enable the measurement (and performance) of threat reduction at said stages and work closely with the Agile Delivery team, Backend and Mobile engineers, SREs and other Security resources to achieve our joint vision of making the company the safest and most trusted cryptocurrency company in the world.

Duties and responsibilities:

• Support and consult with product and engineering teams in the area of application security, including threat modelling and AppSec reviews
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Support and assist in managing our bug bounty program.
• Author, share and contribute to documentation on application security processes, tooling and other resources to ensure collaboration and transparency within your own team and throughout the greater organisation.
• Design and implement continuous application security testing mechanisms to aid in assessing our security posture and furthermore, drive down the number of vulnerabilities and threats in our environment.
• Inform, support and empower our software engineers to strive towards becoming more vigilant, aware and capable secure coding practitioners. This includes developing structured and unstructured engagements such as, targeted and general training, one-on-one and one-to-many coaching/information sharing sessions and general enquiry handling around application security.

Qualifications and experience:

• Experience in vulnerability management and enhancing and/or contributing to the security within application source code.
• Experience in securing CI/CD pipelines on Cloud platforms. Ideally AWS with the AWS Developer Associate certification being advantageous
• Deep understanding of security best practices on technologies mentioned above
• Team player, willing to pitch in wherever needed
• Keen interest in application security and vulnerability management
• Understanding of the Software Development Lifecycle
• Basic development or scripting experience and skills. Golang, Python, JavaScript, and Java/Kotlin are preferred.
• Familiarity with some common security libraries, frameworks and tools (e.g. static analysis tools, proxying/penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).