The goal of the application security engineer is to ensure that no code running in BitMEX’s environments is actively malicious or vulnerable to exploitation. She or he achieves this by implementing a variety of security controls in the form of automated code scanning, security reviews, secure coding guidelines, implementation of secure by default services and libraries, and manual security testing. The application security engineer works closely with the security detection and response and development teams to implement application security controls and alerting for known attacks, and helps triage application security vulnerabilities that arise.
Identify and mitigate application security threats against the BitMEX platform
Participate in internal threat modelling exercises
Collaborate closely with other teams to increase visibility and help mitigate appsec related threats to the product
Provide clear, prescriptive guidance for teams implement security sensitive features and services
Be a team player and someone that others feel comfortable approaching with appsec questions
Skills, Traits & Competencies:
5+ years of security industry experience, 2+ years in an appsec role
Strong software development skills with a background in some combination of Python, Ruby, Golang, NodeJS
Strong understanding of common appsec controls, such as CSP, SRI, the same-origin policy, cookie security, etc
Strong understanding and practical experience attacking web application vulnerabilities such as XSS, CSRF, XXE, SQLi, LFI/RFI, etc.
A Bachelor’s degree or equivalent work experience preferred