Security Engineer II (Application Security)

About CoinSwitch

CoinSwitch breaks down the complexities in Crypto, empowering the everyday Indian to make informed investment decisions on a simple and trusted platform. When we started up, Crypto was a field reserved for specialists. Today, over 20 million users trust CoinSwitch to learn, purchase and invest in Crypto. That makes us India’s largest crypto app.

On CoinSwitch, users can invest in Crypto with a few simple taps, either as a one-time purchase or in regular intervals through an SIP. But simplicity is not a substitute for informed decisions. A CoinSwitch user spends 27 minutes on our app—to learn about Crypto and Web3 through our educational content and understand the market sentiments through CRE8, the Crypto Rupee Index.

But we are just getting started. CoinSwitch not only plans to double down on making Crypto accessible to everyone but is on track to become the one-stop wealth-tech destination for every Indian.

For more information about CoinSwitch, find additional resources here: https://linktr.ee/coinswitchcareers 

About the Role

The Application Security Engineer at CoinSwitch Kuber is responsible for partnering with our developers to help ensure that the code we write does not expose us to any additional risk. Part penetration tester, part integrator, part educator, the ideal candidate understands that application security is not just about finding problems but also about integrating their tools into the CI/CD pipeline and helping developers understand how to leverage those tools to identify issues in their code.

Responsibilities

• Experience administering linux systems.
• Partnering with IT, helps standardize the security configuration and overall management of workstations across the company.
• Assist with security tool deployments and integrations with existing systems.
• Collaborate with teams and identify opportunities for control automation and reporting.
• Independently develop proof of concepts and get alignment from stakeholders.
• Design and develop tools that help eliminate repetitive tasks.
• Write well commented code using modern design principles.
• Coordinate and execute testing plan.
• Deploy applications in a production environment.
• Plan and deploy enhancements.
• Ensure bugs are fixed based on SLA.
• Follows, executes, contributes to procedures to build and support automation solutions.
• Develop complex tools based on business requirements

What are we looking for?

• 4 to 7 years of experience in application security
• Familiarity with multiple classes of vulnerabilities including OWASP top ten.
• Knowledge of SAML / OAuth / Open ID Connect.
• Ability to automate security testing and improve productivity in security assessments.
• Solid understanding and knowledge of web frameworks and architecture.
• Ability to communicate and interpret security vulnerabilities to various audiences such as development and management teams.
• Experience in conducting security assessments in cloud platforms (SaaS, PaaS, IaaS).
• Experience in integrating and automating security in DevOps through implementing / buildin orchestration tools.

What we do at CoinSwitch Security

As part of CoinSwitch’s world class engineering team, the focus is on solving real world unique problems in the world of blockchain and finance technology. Our engineering team works on most cutting edge technologies and on a variety of them. The pace things move at CoinSwitch makes security problems more challenging.Our tech culture is vibrant, open and we believe guardrails rather than the roadblocks as part of our CoinSwitch culture. At CoinSwitch Devs has been given as much freedom to experiment and play with tech as much as possible while as security engineer the responsibility is to make sure that nothing goes wrong from security perspective. To achieve the same we are in the process of building full-fledged product security vertical that would be aimed at multiple things, some among which would be doing a bunch of internal VA/PT, dev-sec-ops, tooling (open-source - huge fan, commercial, inhouse built - by our own security team folks), processes, infrastructure security, incident response, backend, web & mobile application security and fintech specific security challenges.

Life at CoinSwitch

We take great pride in what we do, and are committed to our mission. And we have a lot of fun while at it!

Here’s how we do things at CoinSwitch:

• Customer-first: That’s the North Star. Everything we do is to make our users’ investment experience better and simplified.
• Ownership: We don’t sport lab coats, but we experiment—a lot. And we take ownership. We even have a catchphrase for this: Think big, fail fast, and build better.
• Data-driven: The source of truth. Simple as that.
• Fun: PS5, anyone? Or do you prefer Foosball? Or perhaps Carrom? And yes, our HR team has a whole list of activities: Disco nights, off-sites, gift boxes, and more!

Speaking of lists, the perks and benefits are so extensive, this space isn’t enough. Here are a few:

• Parenthood: Up to 8 months of Maternity leave and 1 month of Paternity leave
• Gender Reassignment Surgery: Be the best version of you! We’ll support you and reimburse your medical bill.

Disclaimer: We are an equal opportunity employer committed to building a respectful and empowering work environment for all people to freely express themselves amongst colleagues who embrace diversity in all respects. Including fresh voices and unique points of view in all aspects of our business not only creates an environment where we can all grow and thrive but also increases our potential to produce work that better represents—and resonates with—the world around us.