Application Security Engineer

100x Group
in Hong Kong
Permanent contract, Full-time
Based on experience
Posted by:
Christy Ho • Recruiter
The Company

100x is the result of the phenomenal success of BitMEX, the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.

As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD per day.

Join us, as we build a thriving cryptocurrency ecosystem of 100x Group companies, through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.

Overview

The goal of the application security engineer is to ensure that no code running in BitMEX’s environments is actively malicious or vulnerable to exploitation. She or he achieves this by implementing a variety of security controls in the form of automated code scanning, security reviews, secure coding guidelines, implementation of secure by default services and libraries, and manual security testing. The application security engineer works closely with the security detection and response and product engineering (PE) teams to implement application security controls and alerting for known attacks, and helps triage application security vulnerabilities that arise.

Key Responsibilities:

  • Identify and mitigate application security threats against the BitMEX platform
  • Participate in internal threat modelling exercises
  • Collaborate closely with other teams to increase visibility and help mitigate appsec-related threats to the product
  • Provide clear, prescriptive guidance for teams implementing security-sensitive features and services
  • Be a team player and someone that others feel comfortable approaching with appsec questions

Skills, Traits & Competencies:

  • 5+ years of security industry experience, 2+ years in an appsec role
  • Strong software development skills with a background in some combination of Python, Ruby, Golang, NodeJS
  • Strong understanding of common appsec controls, such as CSP, SRI, the same-origin policy, cookie security, etc.
  • Strong understanding and practical experience attacking web application vulnerabilities such as XSS, CSRF, XXE, SQLi, LFI/RFI, etc.

Desired Results/Deliverables:

  • Integrate additional code repositories and sites into SAST and DAST
  • Triage and rank-sort PE projects by security impact criticality
  • Provide design, architecture, and code reviews for high security impact PE features
  • Collaborate with Offensive Security to perform app pentests on internal services
  • Develop additional custom SAST checks for security vulnerabilities and dangerous diffs
  • Implement 2FA enhancements for the product
  • Automate local dev and CI/CD SAST checks and flagging of dangerous commits
  • Integrate all internal CI/CD pipelines into SAST and DAST