Application Security Engineer
Bitstamp, Croatia

Bitstamp is the original Cryptocurrency Exchange.

We started small in 2011, with just two laptops and big aspirations. Fast forward to today and we have grown to serve over 4 million clients across the globe, who benefit from our commitment to security, transparency and regulation. Whether it’s through our intuitive web and mobile apps or arsenal of industry-leading APIs, Bitstamp is where crypto enters the world of finance.

Our success is a result of the innovative ideas, talented individuals, and passion of our team. Together, we have helped shaped the crypto industry and continue to do so. We are always on the lookout for new talent and crypto-curious thinkers who share our passion for the future of finance.

As Application Security Engineer you will join the Security Operations Team. You will focus on the security of our code, development practices, and deployment. You will take part in security reviews and threat modelling, perform security assessments for existing solutions, and drive security researcher engagements through our bug bounty program. In addition to that, you will work closely with various Security and Technology teams on a variety of mission critical projects. Moreover, you will be tasked with scaling secure development trainings further, evangelizing sound coding practices, and driving efforts to ensure that you and the team can scale with the company.

What you'll do

• Participate in and support application security reviews and threat modelling, including security/code reviews and dynamic testing.
• Own and perform application security vulnerability management.
• Support the bug bounty program by triaging findings, communicating with researchers, and expediting mitigations within Bitstamp.
• Support and consult with Product and Engineering teams in the area of application security.
• Assist in the creation of the secure development training.
• Assist in the development of automated security testing to validate that secure coding best practices are being used.
• Assist with recruiting activities and administrative work.

Requirements

• Good understanding of common web application vulnerabilities, such as SQLi, CSRF, SSRF, IDOR etc.
• Familiarity with common security libraries, security controls, and common security flaws.
• Basic development or scripting experience in Python, Go, bash and/or Javascript.
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, protocols).
• Familiarity with cloud providers (preferably AWS).
• Excellent written and verbal communication skills (English) with an ability to articulate complex topics in a clear and concise manner.
• Experience or familiarity with common mobile application security vulnerabilities.
• Experience working as a developer or with developers.
• Experience in the fields of penetration testing, offensive security, or security research.

Logistics

• Hybrid or 100% remote working/full time in Croatia.

Benefits

• Work from home or other location that allows you to be most productive.
• Generous home-office allowances upon joining to help set up your home space.
• Incentives: Financial Rewards, Bitstamp Employee Annual Awards, Employee Incentive program (EIP) etc.
• Sports and cultural activities, pet-friendly offices, a full fridge, teambuilding events, Bitstamp parties.

Job Rewards and Benefits