Application Security Engineer

  • $180,000-$250,000/year + Profit sharing (0.5-1%)
  • London, England, United Kingdom
  • Permanent, Full time
  • International Digital Assets Exchange Ltd
  • 10 Aug 2018

Interdax is building a third-generation digital asset exchange. Our team comes from top HFTs and exchanges like Nasdaq and NYSE, as well as from well-known firms in the blockchain space. We are a well-funded project (8-figure sum) currently operating in stealth mode.

In this role you will ensure the security of our applications and platform. From design to production, you will implement secure coding and AppSec best practices across the SDLC, helping Product and Engineering teams ship robust code as part of a distributed microservices architecture. You will leverage your experience and technical security expertise to prioritise and deliver world-class solutions.

Responsibilities

  • Perform hands-on security threat modeling, risk assessment, and vulnerability remediation
  • Maintain, validate, and communicate the products' threat model, security properties, and trust model
  • Evaluate, architect, implement, and support security-focused tools and services
  • Conduct internal penetration testing, coordinating with external auditors
  • Work with DevSecOps to improve the secure software development lifecycle
  • Partner with Product/Engineering teams to define identity and access management, PKI and HSM implementations
  • Perform continuous code audits
  • Monitor the latest web application security developments and security trends to continually improve internal processes
  • Educate software engineers on secure coding techniques and application security best practices

Requirements

  • 7+ years experience as a hands-on security engineer delivering mission-critical technology
  • Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.
  • Familiarity with vulnerability management and penetration testing tools: Nmap, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, or Metasploit
  • 5+ years of experience with identity and access management technologies (ABAC/RBAC, Multi-Factor Authentication, FIDO U2F, etc.)
  • Deep knowledge of AuthN/AuthZ protocols (OpenID Connect, OAuth, SAML)
  • Familiarity with code analysis tools (SonarQube, Veracode, etc.)
  • Proficiency with two or more of: JavaScript, Go, Python or C++
  • BS, MS or PhD in computer science, or related security discipline, or equivalent work experience

Bonus points

  • An interest in financial markets and cryptocurrencies
  • Relevant industry certifications (CISSP, CISA, CISM, CRISC, ISO 27001 or similar)
  • Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM)
  • Familiarity with embedded systems security

Compensation and perks

  • Competitive salary ($180,000-$250,000 / year)
  • Profit sharing (0.5 - 1.5%)
  • Fully remote
  • Flexible work hours
  • Unlimited Vacation Policy
  • Startup culture
  • Team getaways