Senior Security Engineer

About the Role

Zero Hash is looking for a passionate Senior Security Engineer to help drive and implement technical strategies, innovative tooling, research, and processes. You will have extensive knowledge of web 2.0 ecosystems, including the inner workings of cloud environments and api infrastructure. You’ll be part of the overall Security Engineering team and closely partner with the Engineering, Infrastructure, and IT teams responsible for supporting our cloud operations, software development, fleet of devices and endpoints.

The Zero Hash Security Team works to protect Zero Hash; our customers, clients, and partners; and the financial markets upon which we rely. The security team leads the company’s programs for information security and cybersecurity, business continuity, and vendor risk management.

As a member of this team, you’ll lead projects and be responsible for key deliverables of the security program while collaborating across Zero Hash teams. You will continue to learn and stay current in a fun and rapidly changing environment.

Key Responsibilities

• Work with the product management and software engineering teams during all phases of the SDLC to ensure that applications are designed and implemented securely
• Test web applications and underlying systems for vulnerabilities using both tools and manual techniques; manage the remediation of findings through resolution
• Recommend code changes to eliminate vulnerabilities
• Automate security tests within the CI/CD pipeline
• Help develop secure coding standards and training materials based on findings seen in Zero Hash’s environment to empower engineers to write more secure code
• Research vulnerabilities specific to blockchain technologies and incorporate this knowledge in Zero Hash’s security practices
• Serve as an escalation point to investigate security alerts and identify incidents
• Investigate vulnerability reports related to Zero Hash products and systems
• Manage vendors to conduct penetration tests and other security-related projects
• Participate in security helpdesk on-call rotation and manage adhoc security requests
• Influence the continuous improvement of the application security program
• Participate in projects such as threat modeling, vulnerability scanning, and audits.

Qualifications

• 5+ years of experience as a security engineer leading projects and developing resolutions in cybersecurity
• Experience designing software security features including, but not limited to, access control features, logging and monitoring features, input validation and session management.
• Experience automating security tests in CI/CD pipelines & experience working with SAST and DAST testing processes and tools
• Experience with building Detections against common attacks
• Self-motivated and creative problem-solver able to work independently with minimal guidance
• Configure, and support security and IT administration tools (e.g., MDM, IAM, EDR, SIEM, & IDPS)
• May require work nights, weekends, or holidays on a rotational basis with the rest of the team to ensure 24x7 coverage.
• Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly
• Experience with at least several of the following is highly desirable: Java, Angular JS, REST APIs, JSON, Go, Rust, and Python
• Supports the team with additional security projects, as needed

Preferred

• Experience with Cloud Security tools
• Prior experience with threat and vulnerability management
• Experience with common attack techniques and conducting penetration tests
• Bachelor's degree in computer science, computer engineering, cybersecurity or related field, equivalent experience also accepted
• Enthusiasm for securing and breaking software

We believe a happy, motivated, and healthy team is the best way to succeed. We offer the following benefits:

• Chance to earn equity
• Paid Maternity & Paternity leave (after 6 months)
• WeWork Membership
• WFH Yearly Stipend
• L&D Yearly Stipend (after 6 months)

About Zero Hash

Zero Hash's full stack financial infrastructure seamlessly connects fiat, crypto and stablecoins, enabling a better way to move and transfer money and value globally. Zero Hash provides the complete technical infrastructure (delivered through API and SDK) as well as the global regulatory stack to easily and compliantly send, receive, store, and convert fiat, crypto, and stablecoins, in one platform.

Start-ups, enterprises and Fortune 500 companies, including Stripe, Interactive Brokers, Shift4, Franklin Templeton, and MoonPay embed our infrastructure to power a diverse range of use cases: cross-border payments, commerce, trading, remittance, payroll, tokenization, wallets and on and off-ramps.

Backed by Interactive Brokers, Point72 Ventures, NYCA, Bain Capital, and tastytrade.

The Zero Hash Culture

All Zero Hash employees are guided by the following characteristics and core principles:

• Independence/Ownership - An ability to work autonomously. Join Zero Hash, pitch ideas, and shape the work you do.
• Passion - We are innovating quickly and challenging the status quo. We want you to think big, be creative and ​make a difference every day.
• Collaborative - A good attitude and respect for others. We’re teammates, not co-workers. Everything we do is a shared success and equally a shared failure - we talk in terms of “we” not “me”.
• Initiative - An ability and passion for learning and asking questions. We will champion you, challenge you and push you to achieve your best - and we expect you to do the same.
• Empathy - An ability to listen, respect, and understand your co-workers, customers, and everyone you interact with no matter how different they are to you.
• Adaptability - An ability to respond quickly. We are in a fast-paced industry and so we expect you to be creative when solving a new problem and comfortable under pressure.
• Transparency - We believe that transparency is critical to empowering everyone to make the best decisions, both the company to its people and vice versa.
• Integrity - Integrity creates trust. As both an organization collectively and as individuals, it is our most valuable asset.

Twitter

LinkedIn

Youtube

Blog