Senior DevSecOps Engineer

BitMEX is the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.

As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD a day.

Overview

The goal of a DevSecOps Engineer is to proactively identify and help mitigate technical risk in all software pipelines within BitMEX. They will achieve this through a strong partnership with DevOps, with a combination of security gate implementation & management, security control administration and overall reporting while working closely with DevOps, alongside the Detection & Response, AppSec and Infrastructure Security teams.

Responsibilities

Design and implement secure automation solutions for development, testing, and production environments

• Collaborate with Product Management and Architects to contribute to the roadmaps of CI/CD Pipeline
• Implement security controls, best practices and configuration management 
• Hands-on contributor and code reviewer on DevSecOps related projects
• Employ infrastructure as code paradigm to increase automation, scalability, and reliability
• Perform technology watch related to industry trends and best practices.
• Maintains extensive knowledge of state-of-the-art principles, theories, and practices around all things software-related. Identifies and recommends long-term technologies of relevant company interest and proposes long-term development strategy on cutting-edge trends and developments in area of expertise.

Qualifications

• 10+ years of security industry experience, with minimum 2 years in a DevSecOps role.
• Experience building tools for Continuous Integration and Continuous Deployment systems. Familiarity with DevSecOps principles for integrating security solutions in products like Jenkins, Helm, ArgoCD.
• Proven experience and understanding of security principles across infrastructure platforms, data layers, integration points, and application layers.
• Demonstrated experience architecting and developing security solutions during the secure software development lifecycle program or secure lifecycle improvement efforts and managing large scale projects to completion.
• Adapt to evolving security and business priorities quickly and effectively. Loves new technological challenges and excels at solving them.
• Modern infrastructure and application development experience using public cloud primitives. You should be familiar with kubernetes, serverless architecture and infrastructure as Code tools like Terraform, Ansible, Chef.
• Knowledge of Kubernetes DNS how it interacts with external DNS servers.
• End to end troubleshooting experience.

Good to have

• Common security certifications such as GSEC, CEH, CISSP, CCSP, or CCSK.
• Good understanding of Public Key Infrastructure (PKI).
• Technical understanding of management implementations for identity like MFA, 2SV, SAML, OAuth.
• Experience with Prometheus/Thanos, Graphite, Fluentd.
• Experience with data templating languages like Jsonnet or related a plus.

#LI-CH1

Join us, as we build a thriving cryptocurrency ecosystem through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.