Senior Application Security Engineer ( Work Location - Bangalore)

About Liminal:

At Liminal our mission is to simplify self custody. We make digital assets safer, efficient and rewarding for individuals and businesses without giving up control and ownership.Liminal is an enterprise-grade platform that offers a robust infrastructure for managing digital assets.Liminal enables exchanges, custodians, banks, trading desks, and hedge funds to securely scale their digital asset operations through HSM backed plug and play wallet architecture. Our zero key leakage tolerance approach helps institutions in eliminating the risks associated with digital asset transfers, such as, cyber attacks, internal collusion, and human error. Liminal's operations excellence framework provides efficient fees management, transaction confirmation guarantees, auto-refilling, sweeping, batching and other wallet operations. Our proprietary regulatory readiness program, which includes AML checks,quarantine wallets, key residency, travel rule and CCSS-compliant platforms, helps businesses fast-track their compliance journey.

Liminal is founded by Mahin Gupta (https://www.linkedin.com/in/mahingupta/), who previously co-founded ZebPay - one of India's largest crypto exchanges. The entire founding team at Liminal has extensive experience in designing and developing secure wallet architectures with operational efficiencies. Liminal is incorporated in Singapore and has operations across the globe. Liminal has processed transactions over $6 billion and has ~$600 million worth of Assets Under Protection.

Our website - https://www.liminalcustody.com/
Our Blogs - https://blog.lmnl.app/

Objectives and day-to-day activity will involve: 

● Participate in application security reviews including security code review, architectural design review, and dynamic testing. 

● Implement security and cryptography solutions 

● Detect design and logical vulnerabilities 

● Build and maintain threat modeling framework 

● Help Software Engineers in security best practices. 

● Own and perform application security vulnerability management. 

● Support the bug bounty program. 

● Facilitate and support the preparation of security releases. 

● Support and consult with Product and development teams in the area of application ● security. 

● Assist in the creation of security training for developers. 

● Assist in the development of automated security testing to validate that secure coding best ● practices are being used. 

● Assist in Pen-testing practices (purple teaming) 

● Work with external pen testing firms to manage third-party assessments

● Own the Secure SDLC process 

● Taking initiatives to curb known abusive activity, and identifying unknown abuse vectors.

● Designing, researching, and executing attacks to challenge the blue team.

● Reporting on the red team engagements providing in-depth analysis of the security issues.

● Developing technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks. 

● Writing comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement. 

● Implementing security best practices and new ideas to encourage innovation within your team. 

● Making proposals across several teams on cross-functional security initiatives.

● Keeping abreast of the latest developments in crypto, DeFi and blockchain to feed the company's strategic orientations. 

● Continually researching the current and emerging technologies and propose changes.

Requirements

At least 5 years of experience in the field of penetration testing. 

● Experience in Software Development. 

● Experience working with AWS technologies

● Familiarity with cloud security best practices. 

● Familiarity with common libraries, security controls, and common security flaws.

● Deep understanding of Supply chain attacks 

● Experience with OWASP, static/dynamic analysis, and common security tools.

● Deep understanding of network and web related protocols (such a TCP/IP, UDP, TPSEC, HTTP, HTTPS, protocols). 

● Experience in vulnerability management lifecycle. 

● Demonstrate strong written and verbal communication skills. 

● Experience implementing Security Certifications 

● Understand full attack lifecycle 

● BS (or equivalent) in Computer Science, Computer Engineering, or related field. 

Preferred Qualifications 

● Experience in Digital Asset Wallets is a plus 

● Experience submitting security issues in cryptocurrency wallets/exchanges’ bug bounty program is a plus 

● OSCP, OSWE, GPEN or similar certification completion is a plus 

● Understanding of applied cryptography 

● Be a huge fan of blockchain technology and cryptocurrencies.