Senior Application Security Engineer

Job Description

Summary:

Our Client is looking for someone to lead the design and build of secure applications and infrastructure. The scope of the role is broad; you will be taking a critical role ensuring the quality of architecture and design of the company’s trading platform, helping establish technical standards and processes to write secure programs, defining security requirements for critical infrastructure, as well as solving new and emerging security challenges in the cutting-edge blockchain financial industry.

The successful candidate will have a good mix of deep technical knowledge and a demonstrated background in information security. Our Client values broad and deep technical knowledge, specifically in the fields of application security for cryptography, application, operating systems, cloud systems, web/mobile applications, blockchain systems, cryptocurrency wallets, and emergent security intelligence.

Responsibilities:

  • Partner with development and operations on designing and building secure applications and infrastructure for critical web, mobile blockchain systems as well as corporate systems.
  • Design and implement an application security program.
  • Audit source code and implement secure coding practice.
  • Create threat models and security advisory for projects across the organizations.
  • Understand security vulnerabilities and provide relevant technical guidance for the development team.
  • Design and implement a DevSecOps program with input from the Information Security and Development teams.
  • Recognize, adopt, and install the best practices in application security fields throughout the organization: leadership, development, support, network infrastructure, policy, compliance, and PR.
  • Communicate effectively at multiple levels of sensitivity, and multiple audiences.

Requirements:

  • 7+ years of relevant, broad engineering experience in information security.
  • 3+ years of experience on an Application Security team, especially in providing high-quality threat models and auditing source code.
  • In-depth understanding of enterprise application security program, software engineering practice, and development/deployment process.
  • In-depth understanding of cryptography and any relevant technologies used in cryptocurrency systems.
  • Excellent knowledge of the operating system, web, and mobile technologies.
  • A deep understanding of ASP.NET is a huge plus.
  • Experience leading the delivery of large-scale security projects.