Application Security Engineer
Posted on Sep 14, 2020 by ErisX
ErisX is at the fast-moving intersection of financial markets and digital assets. We are rich with capital markets history and the creativity and energy of a FinTech start-up. It is with this entrepreneurial mindset, combined with the input of the most successful and forward-thinking investors and clients, that we work together to develop disruptive technologies and capital markets products. Backed by premier exchanges, trading firms, brokers and private equity firms, our team is made up of financial services executives, technologists and market experts. We thrive on knowledge, execution and collaboration. This is reflected in our core values, which include growing the knowledge through coaching, curiosity, constant learning and teaching. We strive to advance deliberately and with a purpose through nimble, thoughtful, creative and disciplined action. These values are more than just words; they reflect our culture and are the way we believe we should operate as an exchange.
As the Application Security Engineer, your job is to take ownership and drive efforts to integrate security into all aspects of software development. You'll work closely with DevOps, Engineering, and Security teams to solve problems, evolve processes, and improve our application security posture. We are looking for someone with strong, hands-on engineering expertise who wants to take responsibility for designing new ways of securing the software that supports trading of digital assets. Cryptocurrency is an evolving and fast-moving area; the ability to remain nimble yet deliver robust and secure services to clients is essential. Our ideal candidate is a creative and analytical problem solver with strong technical troubleshooting skills and the ability to exercise mature judgment under pressure.
* Manage security integration into the SDLC process
* Help evolve application security functions and services
* Develop subject matter expertise for application security solutions within ErisX
* Identify security exposures and develop mitigation plans
* Participate in application security testing efforts
* Participate in application vulnerability scanning and penetration testing
* Support code reviews across all code platforms
* Own and document small/medium security-related epics and follow through until completion.
* Experience in application security technologies and processes within public cloud environments (AWS, GCP, etc.), including monitoring and implementing OWASP web application security best practices, API security, authentication mechanisms, vulnerability and application scanning, and web application scanning/firewalls (WAS/WAF).
* Experience with manual and automated software testing, fuzzing, static/dynamic code analysis, and manual code reviews.
* 2+ years of experience working directly in Application Security
* Strong communication and collaboration skills
* Working knowledge of Linux
* Familiarity with technology/tools such as Kubernetes, Docker, Puppet, Jenkins, Ansible, Terraform, etc.
* Demonstrated ability to integrate security concepts into a DevOps Software Development Lifecycle (SDLC), including threat modeling and security architecture design/specification, at both the full system and component levels
* Ability to demonstrate past experience making trade-offs between functional and usability requirements with security requirements
* Familiarity with cryptography concepts (AES vs. RSA, PKI, TLS, etc.)
* Solid understanding of network protocols and security concepts
Candidates must be eligible to work in the United States.