Job Description
Who You Are:
Our client's Product Security team is looking for a Senior Offensive Security Engineer to design and implement a security testing program in which we will use creative adversarial techniques to uncover vulnerabilities in our products, while also dedicating a substantial amount of time to providing guidance and hands-on help to engineers remediating the issues.
Our team's objective is to ensure a secure-by-design approach to all product development and operations, and we seek a strong testing practice as the final assurance that controls are implemented properly. The products in our scope are client-facing and internal Web/APIs, blockchain applications, data lakes and integration of advanced trading architectures.
As of today, we envision developing the following pillars as part of the security testing program:
- Penetration testing of high priority features: product Security Engineers will prioritize features and applications to be tested, with specific objectives
- Adversarial Testing Campaigns: driven by threat intelligence, advanced testing techniques to uncover vulnerabilities in our products, infrastructure, or processes
As a member of the product security team, the testing engineer will be in a unique position, working closely with the software engineering, SRE, and security operations teams.
We are looking for a driven professional, with great communication and organization skills.
What You'll Do:
- Design and implement the security testing program with guidance from the director of product security and help from product security team members
- Plan testing activities, communicate with involved teams (software engineering, SRE, …)
- Perform security-focused code reviews
- Perform manual testing of security features such as authentication and authorization
- Perform adversarial tests in an ethical manner using manual and automated techniques, creating a repository of methods and scripts that will be augmented regularly; provide reports of vulnerabilities
- Recommend off-the-shelf and specialized testing tools for the firm
- Develop an extensive knowledge of the technical architecture and business functionality of products
- Help maintain and address stability of the testing environment
- Be an advocate of security testing to software engineering and product teams, and help them develop a mindset of thinking about adverse scenarios and how a system can be subverted
- Provide guidance to development and SRE teams on the mitigation of vulnerabilities
- Stay informed of the latest developments in adversarial tactics and techniques and application vulnerabilities, especially in the financial and digital asset space, and adapt the strategy or tooling to address new threats
What We're Looking For:
- Bachelor's or post-graduate diploma in cybersecurity or technology
- 5 years' experience in security research and web penetration testing
- 3 years' experience with cloud and container architectures
- 2 years' experience in a full-time programming role
- Programming and scripting language experience: Java, C++, Python, or similar languages
- Security certification in cybersecurity testing -or- network security -or- application security (OSWE/CEH, Network+, CSSLP)
- Attention to detail, to be able to plan and execute tests on a wide range of applications
- Excellent communication skills and the ability to collaborate effectively with cross-functional teams
- Ability to think creatively and strategically to identify flaws and vulnerabilities
- Experience with automated security testing such as DAST, SAST, SCA
- Willingness to travel up to 15% of the year
Bonus Points:
- Cryptocurrency, trading, and derivatives financial products knowledge
- Familiarity with multi-participant approvals such as MPC and multi-signature
Base Salary Range: $180,000 - $220,000
- Competitive base salary, bonus, and equity compensation
- Flexible Time Off (i.e. unlimited paid vacation days)
- Company paid Holidays (11)
- Company paid sick leave
- Company-paid health and protective benefits for employees, partners, and other dependents
- 3% 401(k) company contribution
- Generous paid Parental Leave
- Free virtual coaching and counseling sessions through Ginger
- Opportunities to learn about the Crypto industry
- Free daily snacks in-office
- Smart, entrepreneurial, and fun colleagues
- Employee Resource Groups