AppSec
Прямой работодатель emcd. ( emcd.io )
Опыт работы более 5 летот 5 000 $
Are you passionate about securing cutting-edge applications in the fast-paced world of cryptocurrency? Want to work with a talented team, enhancing security and protecting valuable assets in a growing digital landscape?
If so, we’d love to have you on board!
As an Application Security Engineer, you’ll be responsible for ensuring the safety and security of our crypto-related applications, working closely with cross-functional teams to develop and implement best practices in application security.
Responsibilities:
- Collaborate with development and DevOps teams to address security issues in the software development lifecycle.
- Conduct security architectural reviews, set security requirements, and ensure new features meet security standards.
- Create and update security policies, standards, and procedures related to secure development.
- Identify and mitigate risks associated with application infrastructure, implementing effective security measures.
- Research and improve methods for detecting security threats in the cryptocurrency industry, proposing strategies to counteract them.
- Design DevSecOps solutions, onboard and configure AppSec tools (DAST, SAST).
- Participate in Patch and Vulnerability Management processes, assessing security vulnerabilities in applications and infrastructure.
- Develop security practices for designing secure APIs.
- Stay updated on modern approaches to securing crypto-asset applications.
Requirements:
- A degree in a relevant field, such as Information Security or Computer Science.
- 5+ years of experience in Application Security.
- Proficiency in reading and understanding Bash, Python, and Go code, with the ability to identify security flaws.
- Knowledge of common security vulnerabilities and protection methods.
- Hands-on experience with security tools (SAST, DAST, SIEM, WAF, Anti-DDoS, Vulnerability Management).
- Familiarity with security standards and frameworks (NIST, MITRE, ISO 27k, PCI-DSS, OWASP ASVS, OWASP Top 10, OWASP SAMM).
- Understanding of containerization and orchestration security (Docker, K8s).
- Technical knowledge of Blockchain and cryptography, as well as best practices in securing corporate information systems (Zero Trust, 2FA/MFA, Principle of Least Privilege).
- Proficiency in technical English, for understanding documentation and communicating with international standards.
Nice-to-Have:
- Experience with API security testing.
- Understanding of SSDLC and DevSecOps processes.
- Relevant certifications (BSCP, OSWE, OSCP).
- Active profile on security learning platforms (e.g., HackTheBox).
- Participation in CTF competitions.
What We Offer:
- Fully remote position — work from anywhere!
- 28 days of paid vacation and fully paid sick leave.
- Competitive salary in USDT.
- Opportunity to work in a fast-growing and innovative cryptocurrency company