100x Group is the result of the phenomenal success of BitMEX, the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today. The BitMEX trading platform represents the cornerstone of 100x. As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD per day.
Join us, as we build a thriving cryptocurrency ecosystem of 100x Group companies, through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.
Purpose of This Job:
The goal of the Director of Offensive Security is to devise and execute upon a >1yr strategic plan to proactively identify and mitigate risk across the BitMEX infrastructure. This plan will be realized through the creation of a dedicated “red team” function. The red team will be a sub-team within the larger Security organization focused on proactive identification of threats and will complement our existing preventative (Security Engineering) and reactive security (Detection & Response) functions.
This proactive security testing function, which will be “full scope” (aka, physical and digital) is known as a “redteam” within the security industry, but unlike most Security red team’s, our team will bridge the gap between “red” and blue”. In other words; this team will serve not only to break; but to ensure identified findings are prioritized and fixed, in collaboration with the “blue” teams.
Discover vulnerabilities in BitMEX Corporate infrastructure before a malicious external actor does.
Discover vulnerabilities in BitMEX Production infrastructure before a malicious external actor does.
Discover vulnerabilities in BitMEX Physical (office, badging, ..) infrastructure before a malicious external actor does.
Discover vulnerabilities in BitMEX Executive infrastructure (homes, private/home offices) before a malicious external actor does.
10+ years of experience in security testing, vulnerability and/or red team assessment at a top tech or finance company.
Strong software development skills in Python, Golang, NodeJS, Ruby, C, C++, or similar.
Deep knowledge of Amazon Web Services, GCP, and general Cloud infrastructure security.
Deep understanding of DevOps/CICD environments, attack vectors and mitigating controls.
Comfortable operating across a wide variety of platforms and technologies.
Ability to travel to our San Francisco and Hong Kong offices on a quarterly basis.