Vp, Senior Offensive Security Engineer

Who You Are:

Our client's Product Security team is looking for a Senior Offensive Security Engineer to design and implement a security testing program where we will use creative adversarial techniques to uncover vulnerabilities in our products, but also dedicate a substantial amount of time to provide guidance and hands on help to engineers to remediate the issues.

Our team objective is to ensure a secure-by-design approach to all product development and operations, and we seek a strong testing practice as the final assurance that controls are implemented properly. The type of products in our scope are client facing and internal Web/APIs, blockchain applications, data lakes and integration of advanced trading architectures.

As of today we envision the development of such pillars as part of the security testing program:

• Penetration testing of high priority features: product Security Engineers will prioritize features and applications to be tested, with specific objectives
• Adversarial Testing Campaigns: driven by threat intelligence, advanced testing techniques to uncover vulnerabilities in our products, infrastructure, or processes

As a member of the product security team, the testing engineer will be in a unique position, working closely with the software engineering, SRE, and security operations teams.

We are looking for a driven professional, with great communication and organization skills.

What You'll Do:

• Design and implement the security testing program with guidance from the director of product security and help from product security team members
• Plan testing activities, communicate with involved teams (software engineering, SRE, …)
• Perform security-focused code reviews
• Perform manual testing of security features such as authentication, authorization
• Perform adversarial tests in an ethical manner using manual and automated techniques, creating a repository of methods and scripts that will be augmented regularly; Provide report of vulnerabilities
• Recommend off-the shelf and specialized testing tools for the firm
• Develop an extensive knowledge of the technical architecture and business functionality of products
• Help maintain and address stability of the testing environment
• Be an advocate of security testing to software engineering and product teams, and help them develop a mindset of thinking about adverse scenarios and how a system can be subverted
• Provide guidance to development and SRE teams on the mitigation of vulnerabilities
• Stay informed of the latest developments in adversarial tactics and techniques and application vulnerabilities - especially in financial and digital asset space - and adapt the strategy or tooling to address new threats

What We're Looking For:

• Bachelor or post-graduate diploma in cybersecurity or technology
• 5 years experience in security research and web penetration testing
• 3 years experience with cloud and container architectures
• 2 years experience in a full-time programming role
• Programming and scripting language experience; Java, C++, Python, or similar languages
• Security certification in cybersecurity testing -or- network security -or- application security (OSWE/CEH, Network+, CSSLP)
• Attention to detail, to be able to plan and execute tests on a wide range of applications
• Excellent communication skills and the ability to collaborate effectively with cross-functional teams
• Ability to think creatively and strategically to identify flaws and vulnerabilities
• Experience with automated security testing such as DAST, SAST, SCA
• Willingness to travel up to 15% of the year

Bonus Points:

• Cryptocurrency, trading, and derivatives financial products knowledge
• Familiarity with multi-participant approvals such as MPC and multi-signature

Base Salary Range: $180,000 - $220,000

• Competitive base salary, bonus, and equity compensation
• Flexible Time Off (i.e. unlimited paid vacation days)
• Company paid Holidays (11)
• Company paid sick leave
• Company-paid health and protective benefits for employees, partners, and other dependents
• 3% 401(k) company contribution
• Generous paid Parental Leave
• Free virtual coaching and counseling sessions through Ginger
• Opportunities to learn about the Crypto industry
• Free daily snacks in-office
• Smart, entrepreneurial, and fun colleagues
• Employee Resource Groups