Application Security Engineer
India, Mahārāshtra, Bengaluru/Mumbai
Security
Trusted by more than 1.3 crore Indians, CoinDCX is one of the largest players in India's crypto ecosystem. Our vision is to create a more open and accessible future, and we believe that Web 3 will play an important part. We ventured into Web 3 in 2021 by investing in promising Indian Web 3 startups via CoinDCX Ventures and launching Okto - a DeFi app to access thousands of tokens on multiple DEXs across chains. We learn and build something new at CoinDCX every time.
The Web 3 space is still new and we’re just getting started!
Inside CoinDCX’s Security Team
Our Security team is an awesome group of collaborators who love to solve first-of-its-kind problems with a lot of autonomy, creativity and fun.
They shape the way CoinDCX manages its cyber risk across the entire business! The team is mainly responsible for data protection, formulating and deploying security norms while ensuring that they are followed.
At CoinDCX, you will not only be the skill of the future but will also get to work with and learn from the best while building the future of Web3.
Coin your trust in us as we create magic together!
Who you are
You’re passionate about everything Crypto and Web3.0.
You take ownership and have a thirst for excellence with an impact-driven and result-oriented mindset.
You grow while helping others grow with you.
You thrive on change, have attention to detail and passion for quality
You love exploring new ideas to build something useful and are always curious to learn.
What you’ll do
- Proactively identify and reduce security threats, vulnerabilities and risks
- Identify & remediate outdated, vulnerable code and code libraries
- Provide subject matter expertise on architecture, authentication, and system security
- Develop security training and guidance to internal development teams
- Participate in the development of CoinDCX platforms by collaborating with the engineering team
- Consult with other Developers and Product Managers to analyse and propose application security standards, methods, and architectures
- Create and maintain artifacts in a protected repository established as a single source of truth
- Assess security tools and integrate tools as needed, particularly open-source tools
- Assist with recruiting activities and administrative work
- Professionally handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities
- Communicate clearly on technical issues
What you’ll bring
4 to 10 years of hands-on experience in mobile application (Android/iOS) security with a broad understanding of SAST, DAST & Developer Education, Agile Methodology and awareness programs
Familiarity with one or more of Flutter, Swift, Bash, Python, NodeJS, Ruby and Ruby on Rails preferred
Familiar with the causes and ions of OWASP TOP 10 security issues
Perform mobile application (Android/iOS) security assessments, with more emphasis on exploitation
Good understanding of manual and automated mobile application security testing
Experience with security development, attack and defence solutions for mobile lifecycle in a fast-paced environment
Deep technical ability, research and creativity to think and act like a malicious actor
Strong understanding of common application controls, such as CSP, SRI, the same-origin policy, cookie security, OAuth, MFA etc
Strong understanding and experience attacking web application vulnerabilities such as XSS, BAC, Request Smuggling, DSync, CSRF, XXE, SQLi, LFI/RFI, RCE etc
Expertise in Secure SDL including White box and Black box assessments, code reviews, design reviews, threat modeling, etc
Technical experience across the product security areas including web applications, mobile, infrastructure, cryptography, third-party risk assessment etc
Strong source code skills
Ability to work and thrive in a fast-paced, deadline-oriented environment with high-volume workflows, high-pressure escalations, grey areas, and ambiguity
Familiarity with cloud security controls and best practices
Familiarity with threat hunting and best practices
Good communication skills and the ability to lead by influence across all levels
Advantage if you have:
Experience working on blockchain security
Experience contributing to the security community in DeFi, other cryptocurrency open-source projects, public research, presentations, etc
Experience in the financial industry, FinTech, and/or cryptocurrency space
An understanding of the surface and deep/dark web
What’s in it for you
Unlimited Wellness Leaves
Personalised Mental Wellness & Caregiving sessions by Experts
Recharge and Rejuvenate through team outings
DYOB - Design your Own Benefit