Application Security Engineer
Remote - Sliema, Sliema, Malta
Applications have closed
Qredo
Qredo is a cross-chain protocol for asset managers and traders active in the digital asset markets. Using our institution-grade, layer 2 infrastructure, investors can now hold all their crypto assets securely in one place, with unlocked access... At Qredo we are developing state-of-the-art cryptographic services to solve the problem of private key management in Tier 1 blockchains. Specifically, we are using a Multi-Party Computation Threshold Signature Scheme (MPC-TSS) for ECDSA and EdDSA to run a distributed, highly available network of signing nodes.
Responsibilities:
- Drive adoption and coverage of automated Application security testing in the Secure SDLC process and CI/CD pipelines (SAST, DAST, SCA, others).
- Perform security-related design and implementation reviews and risk analysis of the platform.
- Evaluate security controls to ensure adherence to compliance and industry best practices.
- Work with key business stakeholders to maintain and improve security activities in a timely and planned manner.
- Find and remediate security flaws across the software stack using penetration testing, vulnerability scanning and source code reviews.
- Support activities related to incorporating the Shift-left security approach.
- Maintain and improve secure coding standards and guidelines and deliver secure application development trainings.
- Develop technical documentation, including functional and system design specifications and Standard Operating Procedures as necessary.
- Work with external penetration testers to continuously improve security of the platform.
- Manage and improve our Bug Bounty program by coordinating with researchers and in-house developers, to evaluate, rank and remediate reported vulnerabilities.
- Develop and maintain various custom automation tools to improve the capabilities and efficiency of the Application security team and the overall security of the company.
- Participate in Security incident response activities as needed.
Requirements
- Solid understanding of Information Security principles and the specific behaviours and practices that would help secure Qredo’s information assets and intellectual property.
- Experience with Secure Software Development Lifecycle methodologies and security frameworks (OWASP standards, SANS, MITRE, NIST, others).
- Ability to clearly communicate security requirements and translate them into tangible project deliverables.
- Excellent analytical skills, attention to detail, and ability to methodically troubleshoot complex issues.
- Hands-on experience with static and dynamic vulnerability identification using industry-leading scanning tools.
- Bachelor’s Degree in Computer Science, Information Security or relevant professional experience.
Benefits
- Working from home
- Competitive Salary
- Career Growth Opportunities
About Qredo
Qredo works at the cutting-edge of cybersecurity, decentralized finance and blockchain. We use the latest innovations in cryptography and distributed ledger technology to deliver unique solutions for securing and trading digital assets. Qredo is a well-funded, VC backed start-up with a clear mission and unprecedented demand for our products. Qredo is the ideal company for hard-working, highly creative engineering staff who enjoy working in a friendly, collaborative environment.
Tags: Application security Automation Blockchain CI/CD Compliance Computer Science Cryptography DAST ECDSA Finance Incident response NIST OWASP Pentesting Risk analysis SANS SAST SDLC Vulnerabilities
Perks/benefits: Career development Competitive pay Startup environment