Security Engineer / Penetration Tester (HK)
Hong Kong
Applications have closed
Crypto.com
Over 80 million users buy, sell, and trade Bitcoin, Ethereum, NFTs and more on Crypto.com. Join the World's leading crypto trading platform.Crypto.com was founded in 2016, Crypto.com today serves over 10 million customers with the world’s fastest growing crypto app, along with the Crypto.com Visa Card — the world’s largest crypto card program — the Crypto.com Exchange and Crypto.com DeFi Wallet. Recently launched, Crypto.com NFT is the premier platform for collecting and trading NFTs, carefully curated from the worlds of art, design, entertainment and sports.
Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have ISO/IEC 27701:2019, ISO27001:2013 and PCI:DSS 3.2.1, Level 1 compliance, and independently assessed at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks.
With over 4000 people in offices across the Americas, Europe and Asia, Crypto.com is accelerating the world’s transition to cryptocurrency. Find out more: https://crypto.com
For more information, please visit www.crypto.com.
What you will do:
- Discover security vulnerabilities through design review, source code review and penetration testing, either manually or by using automated tools, and follow up on the remediation process
- Participant in relevant agile scrum meetings and provide professional recommendations on the design of security controls, libraries, and/or protocols
- Conduct security related training sessions
- Implement various security control verification and risk detection through automated scripts
- Provide support on application level security monitoring, intrusion detection, and incident response
Requirements
- OSCP (or equivalent, such as CREST) is a MUST. We know being certified doesn’t mean you are good, but at least it shows you have the baseline knowledge and are willing to try harder. In addition this is important when we talk to our auditors and regulators
- You are expected to know OWASP Top 10 from inside out and beyond, and with a very strong security sense around logic flaws
- At least 2 years of experience in Web API testing, use BurpSuite like a Pro and be able to spot suspicious request/response parameters out of intuition
- Optional: Hands on experience on Mobile App testing, a good understanding of Jailbreaking/Rooting a device, API hooking, reverse engineering, de-obfuscation
- Optional: Good understanding of docker related technologies and AWS services such as Kubernetes, ECS, VPC, IAM, etc.
- Optional: Familiar with at least one scripting language and be able to implement some degree of automation
- Proficiency in both spoken and written English. Being able to speak Mandarin will be an advantage
Benefits
- Working in a well-organized team and be able to learn how to protect an Enterprise and ship secure applications at a fast pace
- New challenges every day, but still be able to enjoy work-life balance
- Have exposure to many cutting edge technologies in the industry
- Flexible working environment with adjustable work from home arrangements
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Automation AWS Burp Suite Compliance CREST Crypto Docker IAM Incident response Intrusion detection ISO 27001 Kubernetes Monitoring NIST OSCP OWASP Pentesting Privacy Reverse engineering Scripting Scrum Vulnerabilities
Perks/benefits: Flex hours
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open CI/CD-related jobs