Job description
Join a team of experts to build the leading blockchain wallet infrastructure for the next financial era. As an Application Security Engineer, you report to our CISO and lead application security efforts. We’re looking for a seasoned security engineer to identify and mitigate risks, address vulnerabilities, and protect client data. You will assess security risks, detect threats, and implement mitigation strategies while ensuring compliance with security policies. Advanced knowledge of API security, web based vulnerabilities, penetration testing , and defense-in-depth strategies is essential. The ideal candidate is passionate about security, finance and blockchain with broad expertise and a proactive approach to safeguarding systems and sensitive data. This role offers the opportunity to make a significant impact on our security posture in a fast-paced environment. Your goal: protect our software, while building security features on time.
Preferred experience
Responsibilities
- Contribute to the team’s vision for building secure and reliable products, setting roadmap priorities, and meeting deadlines with high-quality outcomes.
- Introduce innovative solutions to address application security challenges.
- Conduct security reviews, including code reviews, design reviews, and dynamic testing.
- Implement security and cryptography solutions.
- Identify design flaws and logical vulnerabilities.
- Develop and maintain a threat modelling framework.
- Guide software engineers on security best practices.
- Manage application security vulnerabilities.
- Support the bug bounty program and prepare security releases.
- Develop automated security tests to ensure secure coding practices.
- Assist in penetration testing and collaborate with external penetration testing firms.
- Oversee the Secure Software Development Lifecycle (SSDLC).
- Design, research, and execute attacks to improve defensive strategies.
- Publish blog posts and present at security conferences on discovered vulnerabilities.
- Stay abreast on developments in crypto and blockchain to guide strategic goals.
Requirements
- 8+ years of experience as a Security Engineer or in a similar role.
- 2+ years of experience in crypto, working on blockchains.
- Bachelor’s degree or higher in computer science or similar field.
- Familiarity with securing APIs and smart contracts.
- Familiar with security libraries, controls, and common vulnerabilities.
- Ability to assess and prioritize threats based on potential impact.
- Strong understanding of supply chain attacks.
- Experience with penetration testing tools and methodologies.
- Familiarity with static and dynamic application security testing tools .
- Deep knowledge of network and web protocols.
- Expertise in secure networking implementation and applied cryptography.
- Experience with vulnerability management processes.
- Familiar with cloud security best practices.
- Ability to work collaboratively with development, DevOps, and product teams.
- Knowledge of industry standards like ISO 27001, NIST, or CIS.
- Understanding of compliance requirements such as GDPR, SOC 2, or PCI DSS.
- Hands-on experience with secure coding practices and secure software development lifecycle (SSDLC).
- Ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
- Experience with Typescript and Rust (or similar languages).
- Relevant certifications are a plus (e.g., CISSP, CEH, OSCP, GWAPT).