Principal Application Security Engineer

Closed Posted 1 year ago Paid on delivery
Closed Paid on delivery

About DFNS

Dfns is a cybersecurity company that builds custody SaaS protocol for web3 apps. Think of it as a developer tool that provides secure cloud for crypto.

Job Description

You will contribute to one of the most ambitious technology projects in crypto today: building a trustless custody infrastructure for the trillion-dollar digital asset industry.

Reporting directly to the CISO and leading the Application Security at Dfns. You will join an amazing team of leaders (CTO, VP of Research, CISO) and experts (InfraSec Engineers, R&D Engineers, OffSec Engineers) in a highly challenging and collaborative environment.

We are looking for a Senior or Principal Security Engineer to run Application Security within our company. You will have to demonstrate excellent surveillance and emergency response skills. You will need a strong commitment to security rules and knowledge of all hazards and threats to safety. Ultimately, you will work to ensure the security of our business information, employee data and client information throughout our entire network.

As Application Security Engineer, you will detect insecure features and malicious activities within our products. You will implement customized application security assessments for client-based asset risk, corporate policy compliance as well as conduct vulnerability assessment. You must have an advanced understanding of TLS 1.3, mTLS, DNS, TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements. Your focus is not only limited to assessing whether vulnerabilities exist but also how those risks could be mitigated. The ideal candidate loves security and possesses both deep and wide infosec expertise. You will make things more secure by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data.

Responsibilities

Your primary goal will be to create and preserve environments where employees, clients and assets are monitored, safe, and well-protected.

Your day-to-day projects will involve:

Participate in application security reviews including security code review, architectural design review, and dynamic testing.

Implement security and cryptography solutions

Detect design and logical vulnerabilities

Build and maintain threat modeling framework

Help Software Engineers in security best practices.

Own and perform application security vulnerability management.

Support the bug bounty program.

Facilitate and support the preparation of security releases.

Support and consult with Product and development teams in the area of application security.

Assist in the creation of security training.

Assist in development of automated security testing to validate that secure coding best practices are being used.

Assist in Pen-testing practices (purple teaming)

Work with external pen testing firms

Own the Secure SDLC process

Managing the Security Champs program

Requirements

At least 6 years of experience in the field of Information Security.

At least 3 years of experience in Software Development.

Experience in Digital Asset Wallets is a plus

Familiarity with common libraries, security controls, and common security flaws.

Deep understanding in Supply chain attacks

Experience with OWASP, static/dynamic analysis, and common security tools.

Deep understanding of network and web related protocols (such a TCP/IP, UDP, TPSEC, HTTP, HTTPS, protocols).

Deep understanding in mTLS implementation

Deep understanding in applied cryptography

Experience in vulnerability management lifecycle.

Familiarity with cloud security best practices.

Be a huge fan of blockchain technology and cryptocurrencies.

Experience implementing Security Certifications

Understand full attack lifecycle

BS (or equivalent) in Computer Science, Computer Engineering or related field.

IMPORTANT: A resume or CV with contact information is required. (e-mail address)

Computer Security Web Security Engineering Software Engineering Software Testing

Project ID: #34176569

About the project

3 proposals Remote project Active 1 year ago

3 freelancers are bidding on average $423 for this job

delwaralam

I am a Cyber and information security expert and I have passed CEH. I invest my time and skills to help people protect their business from Cybercriminals. My specialties are 10+-years of experience, Information Securit More

$550 USD in 7 days
(9 Reviews)
4.9
dataspro

Hello: My name is Anthony Muñoz, I express my interest in working on your project after carefully reading the requirements and concluding that they match my area of knowledge and skills. I am currently the lead engi More

$220 USD in 7 days
(0 Reviews)
0.0
Guru010

Hi, I'm Guru, and I'd love to take up this project. I'm a great fit because i am working in cyber security domain for 4 year where my job responsibilty is similar to the project of yours. I'm ready to start working o More

$500 USD in 6 days
(0 Reviews)
1.0