BitGo is the leader in digital asset financial services, providing institutional investors with liquidity, custody, and security solutions. In 2020, BitGo launched Prime Trading and Lending, as well as BitGo Portfolio and Tax, providing clients with a full-stack solution for digital assets. In 2018, it launched BitGo Trust Company, the first qualified custodian purpose-built for storing digital assets. BitGo processes over 20% of all global Bitcoin transactions, and supports over 250 coins and tokens. BitGo’s customer base includes the world's largest cryptocurrency exchanges and institutional investors and spans more than 50 countries. BitGo is backed by Goldman Sachs, Craft Ventures, Digital Currency Group, DRW, Galaxy Digital Ventures, Redpoint Ventures, and Valor Equity Partners.
BitGo is looking for a Principal Security Engineer to help build out and maintain our Threat and Vulnerability Management program. You will be part of a talented team of engineers that demonstrate superb technical competency, delivering mission critical infrastructure and ensuring the highest levels of availability, performance and security. Qualified engineers will have a background in penetration testing and/or ethical hacking.
- Perform penetration tests, code reviews, and document threat models.
- Plan and lead red team (hacking) exercise operations against the corporation for the purpose of training incident response teams.
- Develop tools and maintain the red team's operational infrastructure.
- Track and research the latest attacks and how they might apply to BitGo’s environments.
- Develop the red team roadmap and drive the direction for the red team program as a whole.
Required Skills & Experience:
BitGo is looking for people who are passionate about their craft, take full ownership for their work and projects, and believe in a transparent and collaborative culture with the goal of making BitGo successful.
- Experience with cloud security practices: Amazon Web Services, and Google Cloud.
- Experience with securing Kubernetes, Microservices, and APIs.
- Very Strong Experience with OWASP Top 10, and NIST Top 20 vulnerabilities.
- Proficiency with at least three (3) or more of the following: Mobile security, Application security, Vulnerability management, Infrastructure security, and Malware.
- Working knowledge in object oriented Software Development.
- Experience in drafting reports, documenting case details, and able to summarize findings and recommendations based on system analysis.
- Demonstrate strong written and verbal communication skills.
- Experience with using security monitoring and alerting systems.
- Solid scripting skills. (e.g., shell scripts, Perl, Ruby, Python)
- Solid knowledge of threat modeling, architecture, and design review.
- Minimum of 5 years working within Application Security.
- You are a huge fan of blockchain technology and cryptocurrencies.
- Security Certification: CEH, GIAC or equivalent pen testing cert.
- BS (or equivalent) in Computer Science, Computer Engineering or related field.
Why Join BitGo?
Disrupting an industry takes vision, innovation, passion, technical chops, drive to deliver, collaboration, and execution. Join a team of great people who strive for excellence and personify our corporate values of ownership, craftsmanship, and open communication. We are looking for new colleagues who bring innovative ways of thinking and problem solving, and who want risks to be part of the team that changes the world’s financial markets.
Here are some of the benefits of working at BitGo:
- Competitive base salary, bonus and stock options
- 100% company paid health insurance for employee, partner and dependents
- Up to 5% 401k company match
- Paid parental leave, Paid vacation
- Free commuter/parking pass; 5 min from Caltrain
- Free custom lunches, dinners and snacks
- Computer equipment and workplace furniture to suit your needs
- Great colleagues and inspiring startup environment
- Benefits may vary based on location.
Cryptocurrencies are the most disruptive change the financial services industry has seen in years. Join us and you’ll be able to look back and say you were part of the team that transformed investing.