Application Security Engineer

Latin America

Bitso

Open a personal or business account and begin using the power of crypto. Thanks to Bitso, over 7 million people own Bitcoin, Ether and Digital Dollars.


Working At Bitso

We are a diverse team that takes pride in understanding the perspectives of others. We fully embrace working remotely and we are eager to act, improve and accelerate progress inside and outside of our organization.

To drive revolutionary changes in society and make crypto useful, we delight our customers with world-class products, deep care, and intentional empathy.

Team description/objective:

As an Application Security Engineer, you will collaborate closely with development teams, serving as a Subject Matter Expert to offer technical advisory support in comprehending potential threats and vulnerabilities that could impact Bitso's applications. Additionally, you will be an integral part of the team promoting the adoption of the DevSecOps approach throughout the organization.

The role of the Application Security Engineer involves conducting and overseeing security scans early in the Software Development Life Cycle (SDLC) and coordinating the remediation of findings with other teams in the company. Success in this position necessitates proactive engagement and availability 24x7.

What we value:

  • Passion, technical expertise, and personal accomplishments.
  • Independent ownership of business problems and their solutions.
  • Attitude of helping others and sharing your knowledge.
  • Passion for aggressively automating everything we do.
  • Rolling up your sleeves and getting things done.

Responsibilities

  • Collaborate with cross-functional teams to integrate security controls into the SDLC.
  • Work with engineering members, acting as a subject matter expert on vulnerabilities and security threats.
  • Coordinate efforts to remediate identified application security risks and vulnerabilities.
  • Conduct thorough security assessments, including code reviews and penetration testing, to identify vulnerabilities in applications.
  • Train developers, security champions and teams in security coding techniques.
  • Participate in the continuous improvement of security policies, procedures, and standards.

 

To succeed in this role, you’ll need:

  • 3+ years of experience in DevSecOps or related roles.
  • You are proficient in English both written and spoken.
  • Proven experience as an Application Security Engineer or in a similar role.
  • In-depth knowledge of secure coding practices and common vulnerabilities (OWASP Top 10).
  • Experience with some of the most common SSDLC frameworks, such as Microsoft SDL, OWASP SAMM and NIST SP 800-64.
  • Strong programming skills (i.e., Python, Java, PHP) and familiarity with common web application frameworks.
  • Familiarity with DevSecOps principles and integration of security in CI/CD pipelines.
  • Hands-on experience with static application security testing (SAST/SCA).

Additionally, it would be nice if you:

  • Are familiar with vulnerability disclosure and bounty programs.
  • Have knowledge of AWS services.
  • Have technical certifications including but not limited to OSCP, OSWA, OSWE, eCPPT, eWPT.
  • Actively research security, publishing on social media, a personal blog, etc.
  • Have published any security-related articles, papers, exploits, CVEs, etc.
  • Are looking for a dynamic, fast-paced and challenging role.

 

Research in Diversity, Equity, and Inclusion suggests that individuals may hesitate to apply for jobs if they do not meet all the listed criteria. At Bitso, we value diversity and your unique strengths could be just what we're looking for. If this role excites you but you don't match every point in the description, we still want to hear from you.





Who We Are

With over 7 million users, Bitso is the leading cryptocurrency platform in Latin America. We are developing the cryptocurrency ecosystem in the region and enabling financial inclusion. We believe crypto is the future of finance, and we’re committed to making it useful by providing equal access to safe and intuitive financial products.

We are here to make a lasting impact on our customers' lives and we do so by embracing our core values:

  • Be Human: we delight our customers through great products, deep care and true empathy. We are humble and we take pride in understanding the views of others to help us see the full picture.
  • Drive Change: we're fearless pioneers committed to unlocking the crypto revolution for humanity. We move fast, take risks and work together to drive lasting impact.
  • Choose Bold Honesty: we seek the truth, especially when it’s uncomfortable, in our teams, products and business reality because that will uncover where we need to focus.
  • Be An Owner: our sense of urgency makes us have a bias towards action, where we prioritize exceptionally and are wise in allocating our time to ensure we always deliver creative and innovative results.

Learn more about our culture and values.

Compensation & Benefits

At Bitso, you are taking the front seat on the edge of crypto innovation, creating the next generation of crypto-powered products.

So for those willing to commit, adapt and pioneer the most important change of the century we offer:

  • Me Time program, including unlimited paid time off.
  • Remote-first work environment.
  • Employee Stock Option program.
  • Zero trading fees through our Bitso app.
  • Extended Family Leave policy: all birthing parents, non-birthing parents and adopting parents are eligible for a 4-month leave.
  • Premium health, dental and life insurance in Mexico, Brazil and Argentina.
  • Volunteering days.
  • Monthly stipend for gym memberships, relaxation activities, sports equipment, cooking classes, books, entertainment and more.

Want to leave an undoubted legacy with us? Fasten your seatbelt and join this spaceship, where you will find exponential growth and the opportunity to thrive!

  • These are the applicable requisites, although equivalent competencies in any of the above will also be considered.
  • This role is expected to work remotely.


Tags: Application security AWS CI/CD Crypto DevSecOps eWPT Exploits Finance Java NIST OSCP OSWE OWASP Pentesting PHP Privacy Python SAMM SAST SDLC Security assessment Vulnerabilities

Perks/benefits: Career development Equity Fitness / gym Flex vacation Health care Home office stipend Unlimited paid time off

Regions: Remote/Anywhere North America South America