Offensive Security Engineer
Hong Kong
Applications have closed
BitMEX
Welcome to BitMEX, Most Advanced Crypto Trading Platform for Bitcoin. Home to the Perpetual Swap, industry leading security, up to 100x leverage and a 100% verified customer base.The Company
BitMEX is the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.
As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD a day.
Join us, as we build a thriving cryptocurrency ecosystem through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.
Overview
The goal of an Offensive Security Engineer is to proactively identify and help mitigate technical risk across all BitMEX systems, people, and processes. They will achieve this through a combination of penetration testing, adversary simulation, red/purple teaming, ongoing vulnerability assessment activities and tools development while working closely alongside the Detection & Response, AppSec and Infrastructure Security teams.
Responsibilities
- Discover vulnerabilities in BitMEX Corporate infrastructure before a malicious external actor does.
- Discover vulnerabilities in BitMEX Production infrastructure before a malicious external actor does.
- Discover vulnerabilities in BitMEX Physical (office, badging, ..) infrastructure before a malicious external actor does.
- Discover vulnerabilities in BitMEX Executive infrastructure (homes, private/home offices) before a malicious external actor does.
Qualifications
- 5+ years of experience in security testing, vulnerability and/or red team assessment at a top tech or finance company.
- Experience performing physical penetration tests.
- Experience performing “Purple Team” exercises using the Mitre ATT&CK Framework.
- Strong software development skills in Python, Golang, NodeJS, Ruby, C, C++, or similar.
- Deep knowledge of Amazon Web Services, GCP, and general Cloud infrastructure security.
- Deep understanding of DevOps/CICD environments, attack vectors and mitigating controls. Familiarity with Docker/Kubernetes.
- Comfortable operating across a wide variety of platforms, operating systems, and technologies.
- Ability to work collaboratively and cross functionally with the other security teams.
Tags: APIs Application security C Cloud Crypto DevOps Docker Finance GCP Golang Kubernetes MITRE ATT&CK Node.js Offensive security Pentesting Python Red team Ruby Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs