Principal Application Security Engineer
$140-300 USD
Paid on delivery
About DFNS
Dfns is a cybersecurity company that builds a custody SaaS protocol for web3 apps. Think of it as a developer tool that provides a secure cloud for crypto.
Job Description
You will contribute to one of the most ambitious technology projects in crypto today: building a trustless custody infrastructure for the trillion-dollar digital asset industry.
You will report directly to the CISO and lead Application Security at Dfns. You will join an amazing team of leaders (CTO, VP of Research, CISO) and experts (InfraSec Engineers, R&D Engineers, OffSec Engineers) in a highly challenging and collaborative environment.
We are looking for a Senior or Principal Security Engineer to run Application Security within our company. You will have to demonstrate excellent surveillance and emergency response skills. You will need a strong commitment to security rules and knowledge of all hazards and threats to safety. Ultimately, you will work to ensure the security of our business information, employee data and client information throughout our entire network.
As Application Security Engineer, you will detect insecure features and malicious activities within our products. You will implement customized application security assessments for client-based asset risk and corporate policy compliance, and conduct vulnerability assessments. You must have an advanced understanding of TLS 1.3, mTLS, DNS, TCP/IP, common networking ports and protocols, traffic flow, system administration, the OSI model, defense-in-depth and common security elements. Your focus is not limited to assessing whether vulnerabilities exist; it also covers how those risks could be mitigated. The ideal candidate loves security and possesses both deep and wide infosec expertise. You will make things more secure by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data.
Responsibilities
Your primary goal will be to create and preserve environments where employees, clients and assets are monitored, safe, and well-protected.
Your day-to-day projects will involve:
Participate in application security reviews including security code review, architectural design review, and dynamic testing.
Implement security and cryptography solutions
Detect design and logical vulnerabilities
Build and maintain threat modeling framework
Help Software Engineers with security best practices.
Own and perform application security vulnerability management.
Support the bug bounty program.
Facilitate and support the preparation of security releases.
Support and consult with Product and development teams in the area of application security.
Assist in the creation of security training.
Assist in development of automated security testing to validate that secure coding best practices are being used.
Assist in Pen-testing practices (purple teaming)
Work with external pen testing firms
Own the Secure SDLC process
Manage the Security Champs program
Requirements
At least 6 years of experience in the field of Information Security.
At least 3 years of experience in Software Development.
Experience in Digital Asset Wallets is a plus
Familiarity with common libraries, security controls, and common security flaws.
Deep understanding of supply chain attacks
Experience with OWASP, static/dynamic analysis, and common security tools.
Deep understanding of network and web related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS).
Deep understanding of mTLS implementation
Deep understanding of applied cryptography
Experience in vulnerability management lifecycle.
Familiarity with cloud security best practices.
Be a huge fan of blockchain technology and cryptocurrencies.
Experience implementing Security Certifications
Understand full attack lifecycle
BS (or equivalent) in Computer Science, Computer Engineering or related field.
IMPORTANT: A resume or CV with contact information (e-mail address) is required.
Project ID: #34176569
About the project
3 freelancers are bidding on average $423 for this job
I am a Cyber and information security expert and I have passed CEH. I invest my time and skills to help people protect their business from Cybercriminals. My specialties are 10+-years of experience, Information Securit