Application Security Engineer

  • Security
  • Bangalore/Mumbai, India

Application Security Engineer

Job description

About CoinDCX

Trusted by more than 10 million users, CoinDCX is India's fastest-growing and safest way to Crypto. We’re on a mission to make Crypto accessible to every Indian. Our aspirations are much bigger and we strive to contribute to the larger crypto ecosystem. For this, we’re looking for talented people like you to join our team and fulfill this vision.

Make a difference by,

  • Proactively identify and reduce security threats, vulnerabilities and risks
  • Identify & remediate outdated, vulnerable code and code libraries
  • Provide subject matter expertise on architecture, authentication, and system security
  • Develop security training and guidance to internal development teams
  • Participate in the development of CoinDCX platforms by collaborating with the engineering team
  • Consult with other Developers and Product Managers to analyse and propose application security standards, methods, and architectures
  • Create and maintain artifacts in a protected repository established as a single source of truth
  • Assess security tools and integrate tools as needed, particularly open-source tools
  • Assist with recruiting activities and administrative work
  • Professionally Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities
  • Communicate clearly on technical issues

Job requirements

Essential qualifications

  • 4 to 10 years of hands-on experience on mobile application (Android/iOS) Security with a broad understanding of SAST, DAST & Developer Education, Agile Methodology and awareness programs

  • Familiar with one or more of Flutter, Swift, Bash, Python, NodeJS, Ruby and Ruby on Rails preferred

  • Familiar with the causes and ions of OWASP TOP 10 security issues

  • Perform Mobile application (Android/iOS) security assessment and more on exploitation

  • Good understanding of Manual and Automate Mobile Application Security Testing

  • Experience with security development, attack and defence solutions for mobile lifecycle in a fast-paced environment

  • Deep technical ability, research and creativity to think and act like a malicious actor

  • Strong understanding of common application controls, such as CSP, SRI, the same-origin policy, cookie security, OAuth, MFA etc

  • Strong understanding and experience attacking web application vulnerabilities such as XSS, BAC, Request Smuggling, DSync, CSRF, XXE, SQLi, LFI/RFI, RCE etc

  • Expertise in Secure SDL including White box and Black box assessments, code reviews, design reviews, threat modeling, etc

  • Technical experience across the product security areas including web applications, mobile, infrastructure, cryptography, third-party risk assessment etc

  • Strong source code skills

  • Ability to work and thrive in a fast-paced, deadline-oriented environment with high-volume workflows, high-pressure escalations, grey areas, and ambiguity

  • Familiarity with cloud security controls and best practices

  • Familiarity with threat hunting and best practices

  • Good communication skills and leads by influence across all levels

Advantage if you have:

  • Experience working on blockchain security

  • Experience contributing to the security community in DeFi, other cryptocurrency open-source projects, public research, presentations, etc

  • Experience in the financial industry, FinTech, and/or cryptocurrency space

  • Good to have an understanding of Surface and Deep/Dark web