TradeBlock is a wholly owned subsidiary of CoinDesk, servicing financial firms with crypto currency trading technology, institutional-grade market data, as well as blockchain data and analytics. We are a technology company focused on building the foundation for the future of finance, using robust blockchain and cryptocurrency infrastructure.
We are looking for candidates excited to shape this future by contributing to the crypto and blockchain industries through an industry-leading firm. This full-time role offers a competitive base salary, comprehensive medical/dental/vision benefits, flexible time-off and a rewarding work environment rooted in The CoinDesk way.
The Security Engineer is responsible for the design, review, and delivery of new and existing cybersecurity initiatives related to securing public trading infrastructure, application security, and SaaS operations. Candidates should be highly technical, hands-on, and have experience designing and administering Information Security and Data Protection controls.
Incorporate industry security standards into practical security operations, network operations, and application development
Engineer, implement, and maintain information system security controls and countermeasures;
Analyze and help develop security controls and procedures in Software Development Life Cycle (SDLC);
Incorporate industry security standards into practical security operations, network operations, and application development practices;
Proactively monitor, respond to, and document security events or incidents;
Enhance response procedures for system security incidents and vulnerabilities;
Oversee and utilize vulnerability management processes and solutions;
Review software security architecture for internally-developed and third-party products to ensure compliance with security policies and procedures;
Work with governance stakeholders to establish best practices for AWS, system permissions, single-sign-on, etc.;
Stay up-to-date on the latest trends in IT security threats, methodologies, and products.
Bachelor’s degree or higher in Computer Science, Network Security Engineering, or a related field, or equivalent experience;
5+ years of professional information security experience;
3+ years of professional experience with AWS;
Experience with threat modeling in an Agile and DevSecOps environment;
Experience implementing and monitoring security information systems;
Strong understanding of OWASP and/or CWE vulnerabilities and mitigation;
Knowledge of AWS cloud infrastructure and security.
Experience with Linux platforms;
Strong communication skills and a collaborative approach;
GSEC, SSCP, CCSP and/or CISSP;
Knowledge of crypto currency, FX or capital markets;
Experience with vulnerability research and penetration testing;
Proficiency with scripting languages such as Python, Bash, etc.;
Educated and versed in the latest threat actors, techniques, and incident lifecycle.