Principal Security Engineer

Brief Overview:
Through your work at Vauld, you will have the opportunity to change money for the 21st century. We’re a leading crypto banking platform and are passionate about increasing economic freedom worldwide.  
We are looking for an individual contributor who is passionate about information security and helps create a culture across the entire company that is security conscious. You will work closely with engineering teams to build security into the product early in the SDLC. 
Responsibilities:
- Work closely with engineering teams in the software development lifecycle (SDLC) to ensure that designs and implementations follow security best practices. - Architect and continuously improve security technology stack, process and procedures, support model, and cross-function interactions.- Think like a hacker and have a keen eye for spotting STRIDE-based vulnerabilities in design and implementations.- Perform Proof of Concept for Security features working closely with the engineering teams and proactively following through to successful implementation in the product. - Utilize vulnerability scanning and application/infrastructure monitoring tools effectively to improve the Organization’s security posture.- Participate in compliance efforts when necessary. Promote and drive adoption of application and platform security tooling across the organization.- Develop and report application and platform security tool coverage metrics and remediation plans and define procedures to validate the effectiveness of the design, deployment, and management of security controls to maintain confidentiality, integrity, and availability of application and platform security technology stack.- Should be able to translate regulatory requirements into practical implementation instructions for other engineers.
Qualification & Experience:
- Seven or more years of relevant work experience.- Experience designing and securing applications involving Public Cloud like AWS, Azure, Google Cloud, etc.- Experience using one or more programming/scripting languages (e.g., Python, Go, Java, etc.)- Knowledge of Transport Layer protocols such as TCP/TLS and Application layer protocols such as HTTP, SIP, and SRTP. - Ability to think outside the box and develop good threat models for design and misuse cases to validate it. - Knowledge of the latest OWASP Top 10 and SANS Top 25 vulnerabilities and the corresponding mitigation techniques.- Knowledge on Attack adversary based on MITRE ATT&CK framework.- Experience with tools from 3rd party vendors such as Tenable, Rapid7, Qualys, Whitehat, and/or open-source tools such as Nessus, Metasploit, Burp Suite, and Nmap.- Familiarity with source code management tools (e.g., Github, Bitbucket)Familiarity with securing data across multiple database technologies (e.g., MySQL, Redis, Hive)

Good to Have: - Previous work experience in product-based startups- Understands the cryptocurrency landscape
Working at Vauld:You will join a fun and intellectually stimulating work environment. If you’re excited by the idea of making a real impact and joining a team where we pride ourselves on being disruptive and ambitious, a career with Vauld is perfect for you. 
Applying:We would love to hear from you even if you don’t fulfill 100% of the above requirements, or are unsure about whether this would be the right fit. Please write to us at hello@vauld.com with your resume and any other relevant information. 
Equal Opportunity:Vauld is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to religion, gender, sexual orientation, or any other basis.