Blockchain.com is the world's leading software platform for digital assets. Offering the largest production blockchain platform in the world, we share the passion to code, create, and ultimately build an open, accessible and fair financial future, one piece of software at a time.
We are looking for a Senior Application Security Engineer to join our Security team as we tackle some of the most interesting problems in the crypto space, like how do we securely scale a distributed financial platform that touches millions of people a day.
At Blockchain.com, Security is a mindset and a set of engineering approaches to better protect stakeholders, users and systems by building our creative engineering solutions to hard, sometimes previously unseen problems. The Security team is responsible for the big picture of how systems are designed for Security, and we use a breadth of tools and approaches to solve a broad spectrum of problems. Practices aimed at achieving proactive identification of potential threat actors combined with in-depth investigation of security issues into iterative improvement are key to both product security and interesting and dynamic day-to-day work.
Security at Blockchain.com is a work in progress - we are looking for an experienced, Senior Application Security Engineer to expand our Security platform and provide leadership across the Security and the broader engineering team. Are you ready for a challenge?
WHAT YOU WILL DO:
- Work closely with Engineering teams to define security requirements and perform design assessments at early stages.
- Perform code reviews across the lifecycle of products, and penetration tests on internal and Internet-facing services.
- Develop, communicate, and promote best practices for the secure development and deployment of services.
- Implement improvements in the strategy, processes and tooling, enhance the overall Secure Software Development Lifecycle process and lead the adoption of the “Security by design” principle.
- Build software and implement tooling to validate and enforce secure baselines for software development, deployment and release.
- Review development processes for security functionality and consistency and develop Security playbooks.
- Design and implement libraries and tooling for security sensitive operations (data encryption, authentication, access, logging, input validation, etc.)
- Support Engineering teams with implementing security fixes, and develop strategies to proactively secure their code.
WHAT YOU WILL NEED
- Extensive knowledge of secure standards and practices to build software preferably in at least one JVM based language such as Java and Kotlin.
- Experience working on different kinds of assignments including code reviews, secure standard development, and building secure software.
- Proven experience implementing Security in highly regulated environments. Previous experience in cryptocurrency projects is a plus.
- Experience with OWASP, Static and Dynamic Application Security Testing (AST) and dependendency validation (SCA) tools. Experience with integration into CI/CD pipelines is a plus.
- Knowledge of Security monitoring techniques and tools to provide actionable events to trigger automated detection and containment and ensure traceability across the entire stack.
- An innate curiosity, strong inclination towards best practices and thrivingness on learning new technologies.
- A pragmatic approach to developing clean solutions to complex problems.
- The foremost quality for this position or any position at Blockchain.com is integrity.
COMPENSATION & PERKS:
- Amazing and accessible office location in the heart of London. We are also open to remote for this role.
- Unlimited vacation policy.
- Apple equipment.
- Full-time salary based on experience and meaningful equity in an industry-leading company.
- London Benefits: Private Medical Insurance (BUPA), Dental, Pension, Life, Short Term & Long Term Disability.
- LinkedIn profile.
- Link to github, stackoverflow, personal website and/or blog (if applicable).
- Favorite GIF
When you apply to a job on this site, the personal data contained in your application will be collected by one or more of the following subsidiaries of Blockchain Luxembourg S.A (each, a “Controller”):
- Blockchain Access UK Ltd.
- Blockchain (GB) Limited
- Blockchain (US), Inc.
- Blockchain (LT), UAB
You may contact our Data Protection Officer by email at email@example.com. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under the standard contractual clauses.
Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.