Information Security Engineer

We are hiring for one of our ecosystem projects - a cryptocurrency exchange.

We are looking for an Information Security Engineer to join their team. This position offers an opportunity to work on cutting-edge technologies and contribute to the safety and trustworthiness of the cryptocurrency ecosystem.

If you are passionate and enthusiastic about the web3 industry, come and join our team!

In this role, you will:

• Conduct hands-on assessment, hardening, and patching of security systems.
• Manage, develop, implement, design and support various security technologies, controls, and tools in the corporate environment.
• Investigate and respond to potential security events, alerts, and incidents.
• Execute and manage security tools within the CI/CD pipeline, including:
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Software Composition Analysis (SCA)
• Communicate and collaborate with product managers,  business owners, DevOps teams, IT operations, and development teams to provide subject matter expertise on information security sectors.
• Search out and identify weaknesses, gaps in controls, and vulnerabilities, while recommending improvements and remediation measures to enhance security.
• Strong and hands-on experience with Nessus Scanner or other vulnerability scanning tools.

You might thrive in this role if you have:

• 3+ years of working experience in cyber security.
• Deep understanding of IT/information security and networking principles.
• Experience in the crypto/blockchain industry, including a minimum of three years in the Web3 sector.
• Deep understanding of blockchain security, particularly as a Security Subject Matter Expert (SME) of exchange and/or hot/cold wallet security.
• Experience with Microsoft 365 Security - Microsoft Defender (Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps) is preferred.
• Solid experience in public cloud security (AWS, Azure)
• Proven working and hands-on knowledge with:
• Firewalls (preferably Fortigates)
• VPN (IPsec between on-premise firewall and cloud, SSL VPN for user access)
• Endpoint security systems and technologies supporting both Linux and Windows operating system variants
• Incident response and methodologies
• Experience with DDoS and web application firewall (WAF) protection on Cloudflare and Imperva.
• Security mindset with business enablement strategy thinking.
• CCNP Security, Microsoft Certified: Security Operations Analyst, Identity and Access Administrator, or similar security certifications are advantageous.
• Exceptional verbal and written communication skills.