Security Penetration Tester
Singapore
Applications have closed
BitMEX
Welcome to BitMEX, Most Advanced Crypto Trading Platform for Bitcoin. Home to the Perpetual Swap, industry leading security, up to 100x leverage and a 100% verified customer base.
The Company
BitMEX is the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.
As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD a day.
Join us, as we build a thriving cryptocurrency ecosystem through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.
Overview
The goal of the penetration tester is to ensure that no code running in BitMEX’s environments is vulnerable to exploitation, which is verified through active simulated attack scenarios. She or he achieves this by meeting with internal teams to identify and scope potential targets, identifying or setting up one or more test environments, performing simulated attacks against the systems, and clearly documenting any findings and presenting them to the team along with recommended mitigations. The penetration tester has expert knowledge of common attacks and vulnerabilities at all levels of the technology stack, including expert knowledge of all Common Weakness Enumeration (CWE) types, the OWASP Top 10, and MITRE ATT&CK exploitation methods, and of how to test for each.
Key Responsibilities:
- Identify, report, and help mitigate security vulnerabilities against the BitMEX platform and internal services
- Keep up to date on the latest attack methodologies and vectors
- Participate in internal threat modelling exercises
- Collaborate closely with the PE, DevOps, Offensive Security, and Application Security teams to identify systems and features ripe for testing
- Provide clear documentation on identified vulnerabilities and recommended mitigations to impacted teams
- Be a team player and someone that others feel comfortable approaching with security questions
Skills, Traits & Competencies:
- 5+ years of security industry experience, 2+ years in a penetration testing role
- Strong background and expert practical understanding of Common Weakness Enumeration (CWE) types, the OWASP Top 10, and MITRE ATT&CK exploitation methods
- Strong understanding of common appsec controls, such as CSP, SRI, the same-origin policy, cookie security, etc.
- Strong understanding of practical attacks on cryptographic services, such as TLS (POODLE, Padding Oracle, Length Expansion, etc.)
- Excellent written and verbal communication skills in order to effectively communicate vulnerability criticality and grading
Tags: APIs Application security Crypto DevOps MITRE ATT&CK Offensive security Oracle OWASP Pentesting TLS Vulnerabilities