Product Security Engineer

New York NY

Applications have closed

NYDIG

We’re building an inclusive financial system that makes Bitcoin a universal option for billions of people worldwide. Bitcoin is a resource for human progress, and NYDIG is the gateway.


NYDIG is building an inclusive financial system that makes Bitcoin a universal option for billions of people worldwide. We fuse high tech with institutional-grade finance to build technology that makes it easy for partners to white label our solutions and create their own products like bitcoin accounts, rewards, and loyalty programs. Our team is a group of proven innovators with deep domain expertise across finance and technology. We look for passionate, low-ego, excellence-driven people who want to work together on creating technology that will impact the future of finance.

Description

You’ll be trusted to conduct security assessments from start to finish with minimal assistance. Depending on the project, you may perform white, black, or grey box assessments and may develop proof of concept code to demonstrate the severity of findings. You'll tap into your "security instincts" to find vulnerabilities and break down complicated technical issues and the risks they pose to programmers, network engineers, system administrators, and management. The Product Security Engineer collaborates with those teams to ensure correct design, development, and implementation of internal and customer-facing projects. You’ll also play a big part in securing our cloud infrastructure, contributing to technical design choices in a cloud-native AWS environment, helping us secure container set-ups and architect secure CI/CD pipelines.

While deep technical skills are critical to success with us, we're also looking for fast learners who are passionate about security and are constantly researching to stay ahead of the newest threats. You should be analytical and love to problem solve. Teamwork is key so it's important that you know how to collaborate and be a great teammate.

Responsibilities

  • Work closely with the technology teams to enable them to iterate safely and quickly
  • Provide guidance on architecture patterns, investigate new technologies and roll them out in a secure and repeatable manner
  • Work closely within the DevOps team to understand our implemented patterns
  • Take part in our weekly on-call support rotation
  • Provide troubleshooting and support for existing systems
  • Write documentation and provide in-person guidance for building, monitoring, and maintaining our infrastructure

Requirements

  • 5+ years of related technical experience in Cybersecurity
  • 5+ years of experience with programming and scripting languages and experience working on a software engineering team or closely with one
  • A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations in software, on Windows and Linux platforms, or in common container orchestration platforms such as Docker and Kubernetes.
  • A track record of helping to secure AWS Cloud environments by shifting security left toward developers (secure CI/CD pipelines, etc.)
  • The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
  • Proficiency in reading, writing, and auditing source code in both unmanaged and managed languages and the ability to pick up new languages/technologies
  • Experience developing custom tools when necessary
  • Knowledge of ubiquitous encryption technologies (PGP, SSH, TLS, etc.) and commonly used authentication protocols (OpenID Connect, OAuth2, SAML, etc.)
  • Knowledge of secure network design and system architecture
  • Good understanding of Software Composition Analysis (SCA), SAST, DAST, threat modeling, and Vulnerability Assessment and Penetration Testing (VAPT)

We'd Love to See

  • Experience with infrastructure automation (CloudFormation, Terraform) and configuration management tools (Ansible, Chef, Puppet, and similar)
  • Experience securing containerized applications and their deployments with common orchestration technologies such as Kubernetes, Mesos, or Redshift
  • Hands-on experience with DevOps deployment strategies and tools (Jenkins, CircleCI, GitHub Actions)
  • Take a leadership role in defining tools, techniques and technologies used to secure and monitor NYDIG’s infrastructure
  • Proficiency in debugging large distributed software applications and applicable tooling to assist
  • Prior work as a consultant at a highly technical information security consultancy
  • Publicly disclosed vulnerabilities (CVEs) and open-source tools

Perks & Benefits

  • Highly competitive compensation package
  • Generous benefits package including Unlimited PTO
  • 401k program with company match
  • Flexible unmetered Parental Leave policy

Exceptional benefits package with:

  • $1/month premiums for you and your family
  • HSA plan option with employer funding
  • Dedicated benefit concierge
  • Free One Medical membership


Tags: Ansible Audits Automation AWS CI/CD CircleCI Cloud DAST DevOps Docker Encryption Finance GitHub Kubernetes Linux Monitoring OpenID Pentesting Product security Puppet SAML SAST Scripting Security assessment SSH Terraform TLS Vulnerabilities Windows

Perks/benefits: 401(k) matching Competitive pay Flex hours Flex vacation Medical leave Parental leave Startup environment Unlimited paid time off

Region: North America
Country: United States