Application Security Engineer

BitMEX is the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.

As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD a day.

Role Overview

The goal of the application security engineer is to ensure that no code running in BitMEX’s environments is actively malicious or vulnerable to exploitation. She or he achieves this by implementing a variety of security controls in the form of automated code scanning, security reviews, secure coding guidelines, implementation of secure by default services and libraries, and manual security testing. The application security engineer works closely with the security detection and response and product engineering (PE) teams to implement application security controls and alerting for known attacks, and helps triage application security vulnerabilities that arise.

Key Responsibilities:

• Identify and mitigate application security threats against the BitMEX platform
• Participate in internal threat modelling exercises
• Collaborate closely with other teams to increase visibility and help mitigate appsec related threats to the product
• Provide clear, prescriptive guidance for teams implement security sensitive features and services
• Be a team player and someone that others feel comfortable approaching with appsec questions

Skills, Traits & Competencies:

• 5+ years of security industry experience, 2+ years in an appsec role
• Strong software development skills with a background in some combination of Python, Ruby, Golang, NodeJS
• Strong understanding of common appsec controls, such as CSP, SRI, the same-origin policy, cookie security, etc
• Strong understanding and practical experience attacking web application vulnerabilities such as XSS, CSRF, XXE, SQLi, LFI/RFI, etc.

Join us, as we build a thriving cryptocurrency ecosystem through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.