Security Engineer/Penetration Tester (SG)
Apply for this job
Please reference you found the job post on jobsfordevelopers.com to help us get more companies to post here.
About Crypto.com:
Founded in 2016, Crypto.com serves more than 50 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem.
Learn more at https://crypto.com.
No security practitioner wants to work in a company that no hacker would bother to hack. Crypto.com is a Crypto-currency company with our own Crypto Wallet, Exchange, and various Blockchain Technologies and all these are attracting top-notch hackers around the world to try to attack our system 24x7.
To keep up with the fast pace of the software development release cycle, the Application Security and DevSecOps team is expanding and hiring talented security professionals to join us and protect the company.
Requirements
- OSCP (or equivalent, such as CREST) is a MUST. We know being certified doesn’t mean you are good, but at least it shows you have the baseline knowledge and are willing to try harder. In an increasingly regulated industry, certifications further prove our team’s expertise - in fact we have nearly 100 certifications just within the application security/DevSecOps team.
- You are expected to know application security frameworks like OWASP Top 10 inside out and beyond, and with a very strong security sense around business/financial logic flaws
- At least 2 years of experience in Web API testing, use BurpSuite like a Pro and be able to spot suspicious request/response parameters out of intuition
- Preferable: full-stack approach to application security with understanding on how front-ends and back-ends communicate; how modern applications are developed and deployed in the cloud; and how to read code to understand what happens when the backend receives API requests (Java, Ruby, Elixir, JavaScript)
- Preferable: experience in communicating with development and product teams to effectively remediate application security issues
- Optional: Hands on experience on Mobile App testing, a good understanding of Jailbreaking/Rooting a device, API hooking, reverse engineering, de-obfuscation
- Optional: Good understanding of container related technologies and AWS services such as ECS, EKS, VPC, IAM, etc.
- Optional: Familiar with at least one scripting language and be able to implement some degree of automation
- Proficiency in both spoken and written English. Being able to speak Mandarin will be an advantage
- Willing to learn, energetic, adapt to changes. Have a positive attitude towards cryptocurrency
Benefits
What you can expect from us?
We offer an attractive compensation package working in a cutting-edge field of Fintech.
- Huge responsibilities from Day 1. Be the owner of your own learning curve.
- The possibilities are limitless and depend on you.
- You get to work in a very dynamic environment and be part of an international team.
- You will get to have involvement in developing a brand new product from scratch alongside with a talented team.
Only shortlisted candidates will be contacted with information on the next steps of our application process.
