Application Security Engineer

India, Mahārāshtra, Bengaluru/Mumbai

Security

Job description

About CoinDCX

Trusted by more than 1.3 crore Indians, CoinDCX is one of the largest players in India's crypto ecosystem. Our vision is to create a more open and accessible future, and we believe that Web 3 will play an important part. We already ventured into Web 3 in 2021 by investing in promising Indian Web 3 startups via CoinDCX Ventures and by launching Okto, a DeFi app to access thousands of tokens on multiple DEXs across chains. We learn and build something new at CoinDCX every time.

The Web 3 space is still new and we’re just getting started!

Inside CoinDCX’s Security Team

Our Security team is an awesome group of collaborators who love to solve first-of-its-kind problems with a lot of autonomy, creativity and fun.

They shape the way CoinDCX manages its cyber risk across the entire business! The team is mainly responsible for data protection, formulating and deploying security norms while ensuring that they are followed.

At CoinDCX, you will not only be the skill of the future, but you will also get to work with and learn from the best while building the future of Web3.

Coin your trust in us as we create magic together!

Who you are 

  • You’re passionate about everything Crypto and Web3.0

  • You take ownership and have a thirst for excellence with an impact driven and result oriented mindset.

  • You grow while helping others grow with you

  • You thrive on change, have attention to detail and passion for quality

  • You love exploring new ideas to build something useful and are always curious to learn.

What you’ll do

  • Proactively identify and reduce security threats, vulnerabilities and risks
  • Identify & remediate outdated, vulnerable code and code libraries
  • Provide subject matter expertise on architecture, authentication, and system security
  • Develop security training and guidance to internal development teams
  • Participate in the development of CoinDCX platforms by collaborating with the engineering team
  • Consult with other Developers and Product Managers to analyse and propose application security standards, methods, and architectures
  • Create and maintain artifacts in a protected repository established as a single source of truth
  • Assess security tools and integrate tools as needed, particularly open-source tools
  • Assist with recruiting activities and administrative work
  • Professionally handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities
  • Communicate clearly on technical issues

Job requirements

What you’ll bring

  • 4 to 10 years of hands-on experience on mobile application (Android/iOS) Security with a broad understanding of SAST, DAST & Developer Education, Agile Methodology and awareness programs

  • Familiar with one or more of Flutter, Swift, Bash, Python, NodeJS, Ruby and Ruby on Rails preferred

  • Familiar with the causes and ions of OWASP TOP 10 security issues

  • Perform Mobile application (Android/iOS) security assessment and more on exploitation

  • Good understanding of manual and automated mobile application security testing

  • Experience with security development, attack and defence solutions for mobile lifecycle in a fast-paced environment

  • Deep technical ability, research and creativity to think and act like a malicious actor

  • Strong understanding of common application controls, such as CSP, SRI, the same-origin policy, cookie security, OAuth, MFA etc

  • Strong understanding and experience attacking web application vulnerabilities such as XSS, BAC, Request Smuggling, DSync, CSRF, XXE, SQLi, LFI/RFI, RCE etc

  • Expertise in Secure SDL including White box and Black box assessments, code reviews, design reviews, threat modeling, etc

  • Technical experience across the product security areas including web applications, mobile, infrastructure, cryptography, third-party risk assessment etc

  • Strong source code skills

  • Ability to work and thrive in a fast-paced, deadline-oriented environment with high-volume workflows, high-pressure escalations, grey areas, and ambiguity

  • Familiarity with cloud security controls and best practices

  • Familiarity with threat hunting and best practices

  • Good communication skills and leads by influence across all levels

Advantage if you have:

  • Experience working on blockchain security

  • Experience contributing to the security community in DeFi, other cryptocurrency open-source projects, public research, presentations, etc

  • Experience in the financial industry, FinTech, and/or cryptocurrency space

  • Good to have an understanding of Surface and Deep/Dark web

What’s in it for you
  • Unlimited Wellness Leaves

  • Personalised Mental Wellness & Caregiving sessions by Experts

  • Recharge and Rejuvenate through team outings

  • DYOB - Design your Own Benefit

  • LinkedIn Learning