Application Security Engineer

  • Security
  • Bangalore/Mumbai, India

Job description

About CoinDCX

CoinDCX is India's largest & safest crypto exchange, with a dedicated focus on making crypto accessible. Established in 2018, CoinDCX has solved numerous problems faced by the Indian crypto community with investing and trading solutions for crypto-based financial products for retail, HNI, and enterprise customers. It is our ultimate goal to provide the best of the crypto space with the simplest and secure solutions. Insured by BitGo and ISO Certified, CoinDCX is now India’s first Crypto Unicorn!


India’s cryptocurrency markets are booming, and post the SC verdict, the industry has grown manifold. More Indians want to join this exciting new industry. However, they are unsure how to enter and who should be their partner to help them grow in this space. You help them in their journey. You introduce them to a brand that is built for them and gain their trust. You make this happen. You make a difference.

Make a difference by:

⦁ Develop security training and guidance to internal development teams
⦁ Provide subject matter expertise on architecture, authentication, and system security
⦁ Create and maintain artifacts in a protected repository established as a single source of truth
⦁ Assess security tools and integrate tools as needed, particularly open-source tools
⦁ Assist with recruiting activities and administrative work

Technical Skills

⦁ Familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications, NodeJS.
⦁ Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
⦁ Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
⦁ Knowledge of browser-based security controls such as CSP, HSTS, XFO.
⦁ Experience with standard web application security tools such as Arachni, Brakeman, and BurpSuite.
⦁ Participate in the development of CoinDCX with the dev team.

Code quality

⦁ Proactively identify and reduce security risks.
⦁ Find and remove outdated and vulnerable code and code libraries.

Communication

⦁ Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
⦁ Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
⦁ Educate other developers on secure coding best practices.
⦁ Ability to professionally handle communications with outside researchers, users, and customers.
⦁ Ability to communicate clearly on technical issues.

Performance & Scalability

⦁ An understanding of how to write code that is not only secure but scales to a large number of users and systems.

Job requirements

  • 3 to 10 years of experience working in information security and specializing in application security, with a broad understanding of SAST, DAST, and developer education and awareness programs.
  • Bachelor's degree in Computer Science or another related area of study
  • Passion for security and open-source software
  • You are a team player, and enjoy collaborating with cross-functional teams
  • You employ a flexible and constructive approach when solving problems
  • You share our values and work in accordance with those values
  • Ability to communicate effectively in English both verbally and in writing
  • Ability to work and thrive in a fast-paced, deadline-oriented environment with high-volume workflows, high-pressure escalations, grey areas, and ambiguity.
  • Ability and readiness to work off-hours, including weekends and holidays
  • Strong analytical skills, including working with large data sets to solve business problems.
  • Familiarity with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
  • Some development experience (Ruby and Ruby on Rails preferred; for CoinDCX debugging, NodeJS)
  • Experience with OWASP, static/dynamic analysis, and common exploit tools and methods
  • An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Familiarity with cloud security controls and best practices