BitMEX is the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.
As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD a day.
Overview
The goal of an Application Security Engineer is to proactively identify and help mitigate technical risk in all software & infrastructure applications within BitMEX. They will achieve this with a combination of security gate implementation & management, security control administration and overall reporting in the software development lifecycle. They will be working alongside, and supported by, the Security Architect and Vulnerability Management security functions.
Key Responsibilities
- Design and implement secure automation solutions for development, testing, and production environments
- Collaborate with Product Management and Architects to contribute to the roadmaps of application security controls
- Implement security controls, best practices and configuration management
- Hands-on contributor and code reviewer on application security and CI/CD pipeline related projects
- Employ infrastructure as code paradigm to increase automation, scalability, and reliability
- Perform technology watches related to industry trends and best practices
- Maintain extensive knowledge of state-of-the-art principles, theories, and practices around all things software-related. Identify and recommend long-term technologies of relevant company interest and propose long-term development strategy on cutting-edge trends and developments in area of expertise.
Qualifications
- 10+ years of security industry experience
- In-depth knowledge and experience with security tools such as SAST, SCA, supply chain & container security.
- Experience implementing security gates in Continuous Integration and Continuous Deployment systems. Familiarity with security principles for integrating security solutions in products like GitLab CI/CD, GitHub Actions, Jenkins, Helm, ArgoCD.
- Modern infrastructure and application development experience using public cloud primitives. You should be familiar with Kubernetes, serverless architecture and Infrastructure as Code (IaC) tools such as Terraform, Ansible, Chef.
- Solid experience in managing and configuring Git-based Source Code Management solutions, such as GitHub and GitLab
- Proven experience and understanding of security principles across infrastructure platforms, data layers, integration points, and application layers.
- Demonstrated experience architecting and developing security solutions during the secure software development lifecycle program or secure lifecycle improvement efforts and managing large scale projects to completion
- Adapts to evolving security and business priorities quickly and effectively. Loves new technological challenges and excels at solving them.
Good to have
- Common security certifications such as GSEC, CEH, CISSP, CCSP, or CCSK.
- Good understanding of Public Key Infrastructure (PKI)
- Technical understanding of identity management implementations such as MFA, 2SV, SAML, OAuth, OIDC.
- Experience with Grafana/Loki/Prometheus/Thanos, Graphite, Fluentd
- Experience with data templating languages like Jsonnet or related is a plus