About Job:

we are looking for a senior security engineer

Responsibilities:

• Help define a coherent security strategy for a decentralized organization within the blockchain industry, consulting relevant stakeholders in the process.


• Help define practical security policies based on strategy, combining a flexible work environment with high-security requirements.


• Creating and maintaining information, infrastructure, and blockchain assets inventories. Inventory management with enforcement of the right security policies based on risk classification.


• Capturing, assessing, and categorizing the security risks of current working practices within Our Company.


• Prioritizing changes to existing security practices to gradually improve these practices in the organization.


• Manage and follow up on the implementation of these improvements.


• Organizing and participating in incident response procedures within the techops team. Performing post-mortem and forensics analyses where necessary.


• Setting up monitoring and notification mechanisms for the detection of security vulnerabilities and breaches.


• Setting up and managing periodic security audits.


• Clearly communicate with the development teams and other teams within Our Company about changing policies and address any related user concerns.


• Coaching, training, and knowledge sharing where necessary to improve awareness and understanding of security risks and practices within the organization.


• Understanding security and blockchain industry best practices and apply to the context of the Our Company decentralized organization.


• Staying up-to-date with the latest news regarding industry security vulnerabilities and fixes. Applying security patches and upgrades across the organization in a timely manner. Paying special attention to blockchain-specific vulnerabilities.


• Identify in-house blind spots and knowledge gaps. Select, consult, and work with subcontractors where necessary for the safe operation of the Our Company data & infrastructure.

• Experience with the following or equivalent technologies & practices is an essential part of your skill set:


• Proven work experience as a system security engineer or information security engineer


• Good knowledge of OWASP security principles and top vulnerabilities, methods to test for them and to remediate


• Advanced Linux and shell scripting. Familiar with firewall concepts and intrusion prevention software (iptables, fail2ban)


• Knowledge and experience with network and security protocols - HTTP and HTTPS, TLS/SSL, SSH, IPSec. Familiar with packet analyzer tools (Wireshark) and port scanners such as nmap.


• Proven experience in DDoS attacks mitigation / realtime protection; MiTM attacks prevention; email spoofing prevention


• Familiar with cloud providers (AWS, Digital Ocean) and their security assessment tools


• Knowledge of Content Delivery Networks (Cloudflare, Amazon CloudFront).


• Experienced in both SQL / NoSQL databases (PostgreSQL, RethinkDB, MongoDB) and best security practices (data encryption at rest and in transit)


• Experienced in securing web apps and familiar with web vulnerability scanners


• Experienced in securing mobile apps


• Familiar with Docker architecture and security best practices


• Basic programming skills


• Git / GitHub knowledge


• JIRA, Confluence experience


• Experience working in distributed agile teams and using online collaboration tools