Application Security Engineer

Remote - Sliema, Sliema, Malta

Qredo

Qredo is a cross-chain protocol for asset managers and traders active in the digital asset markets. Using our institution-grade, layer 2 infrastructure, investors can now hold all their crypto assets securely in one place, with unlocked access...


At Qredo we are developing state-of-the-art cryptographic services to solve the problem of private key management in Tier 1 blockchains. Specifically, we are using a Multi-Party Computation Threshold Signature Scheme (MPC-TSS) for ECDSA and EdDSA to run a distributed, highly available network of signing nodes.


Responsibilities:

- Drive adoption and coverage of automated Application security testing in the Secure SDLC process and CI/CD pipelines (SAST, DAST, SCA, others).
- Perform security-related design and implementation reviews and risk analysis of the platform.
- Evaluate security controls to ensure adherence to compliance requirements and industry best practices.
- Work with key business stakeholders to maintain and improve security activities in a timely and planned manner.
- Find and remediate security flaws across the software stack using penetration testing, vulnerability scanning and source code reviews.
- Support activities related to incorporating the Shift-left security approach.
- Maintain and improve secure coding standards and guidelines and deliver secure application development training.
- Develop technical documentation, including functional and system design specifications and Standard Operating Procedures as necessary.
- Work with external penetration testers to continuously improve security of the platform.
- Manage and improve our Bug Bounty program by coordinating with researchers and in-house developers, to evaluate, rank and remediate reported vulnerabilities.
- Develop and maintain various custom automation tools to improve the capabilities and efficiency of the Application security team and the overall security of the company.
- Participate in Security incident response activities as needed.

Requirements

- Solid understanding of Information Security principles and the specific behaviours and practices that would help secure Qredo’s information assets and intellectual property.
- Experience with Secure Software Development Lifecycle methodologies and security frameworks (OWASP standards, SANS, MITRE, NIST, others).
- Ability to clearly communicate security requirements and translate them into tangible project deliverables.
- Excellent analytical skills, attention to detail, and ability to methodically troubleshoot complex issues.
- Hands-on experience with static and dynamic vulnerability identification using industry-leading scanning tools.
- Bachelor’s Degree in Computer Science, Information security or relevant professional experience.

Benefits

- Working from home
- Competitive Salary
- Career Growth Opportunities



About Qredo

Qredo works at the cutting-edge of cybersecurity, decentralized finance and blockchain. We use the latest innovations in cryptography and distributed ledger technology to deliver unique solutions for securing and trading digital assets. Qredo is a well-funded, VC backed start-up with a clear mission and unprecedented demand for our products. Qredo is the ideal company for hard-working, highly creative engineering staff who enjoy working in a friendly, collaborative environment.


Tags: Application security Automation Blockchain CI/CD Compliance Computer Science Cryptography DAST ECDSA Finance Incident response NIST OWASP Pentesting Risk analysis SANS SAST SDLC Vulnerabilities

Perks/benefits: Career development Competitive pay Startup environment

Regions: Remote/Anywhere Europe
Country: Malta