Product Security Engineer
NYDIG
2021-12-03 07:34:07
Seattle, Washington, United States
Job type: fulltime
Job industry: Banking & Financial Services
Job description
Introduction
NYDIG is a leading technology and financial services firm accelerating the Bitcoin future. We believe that Bitcoin is not just a new asset class but a potentially powerful force for good. NYDIG's focus is two-fold. First, we aim to provide the best investor solution platform with the most sophisticated suite of products to corporations, asset managers, institutions, and other sophisticated investors. Second, we aim to democratize access by providing a technology platform capable of powering embedded bitcoin products and services for any financial institution. Our team is a group of proven innovators with deep domain expertise across finance and technology. We look for optimistic, passionate, low-ego, excellence-driven people who want to work together on creating impactful solutions. This is a rare opportunity to join a rapidly growing firm innovating in an exciting and dynamic industry.
Description
You'll be trusted to conduct security assessments from start to finish with minimal assistance. Depending on the project, you may perform white, black, or grey box assessments and may develop proof of concept code to demonstrate the severity of findings. You'll tap into your "security instincts" to find vulnerabilities, and you'll break down complicated technical issues and the risks they pose for programmers, network engineers, system administrators, and management. The Product Security Engineer collaborates with those teams to ensure correct design, development, and implementation of internal and customer-facing projects. You'll also play a big part in securing our cloud infrastructure, contributing to technical design choices in a cloud-native AWS environment, helping us secure container set-ups and architect secure CI/CD pipelines.
While deep technical skills are critical to success with us, we're also looking for fast learners who are passionate about security and are constantly researching to stay ahead of the newest threats. You should be analytical and love to problem solve. Teamwork is key, so it's important that you know how to collaborate and be a great teammate.
Requirements
- 5+ years of related technical experience in Cybersecurity
- 5+ years of experience with programming and scripting languages and experience working on a software engineering team or closely with one
- A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations in software, on Windows and Linux platforms, or in common container orchestration platforms such as Docker and Kubernetes.
- A track record in helping to secure AWS Cloud environments by shifting the security left towards the developers (secure CI/CD pipelines etc.)
- The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
- Proficiency in reading, writing, and auditing source code in both unmanaged and managed languages and the ability to pick up new languages/technologies
- Experience developing custom tools when necessary
- Knowledge of ubiquitous encryption technologies (PGP, SSH, TLS, etc.) and commonly used authentication protocols (OpenID Connect, OAuth2, SAML, etc.)
- Knowledge of secure network design and system architecture
- Good understanding of Software Composition Analysis (SCA), SAST, DAST, threat modeling, and Vulnerability Assessment and Penetration Testing (VAPT)
Preferred
- Experience with infrastructure automation (CloudFormation, Terraform) and configuration management tools (Ansible, Chef, Puppet, and similar)
- Experience securing containerized applications and their deployments with common orchestration technologies such as Kubernetes, Mesos, or redshift.
- Hands-on experience with DevOps deployment strategies and tools (Jenkins, CircleCI, GitHub Actions)
- Take a leadership role in defining tools, techniques and technologies used to secure and monitor NYDIG's infrastructure
- Proficiency in debugging large distributed software applications and applicable tooling to assist.
- Prior work as a consultant at a highly technical information security consultancy
- Publicly disclosed vulnerabilities (CVEs) and open-source tools
Benefits
- Highly competitive compensation package
- Generous benefits package including
- Unlimited PTO
- Exceptional benefits package with:
- $1/month premiums for you and your family
- HSA plan option with employer funding
- Dedicated benefit concierge
- Free One Medical membership
- Flexible unmetered Parental Leave policy
- 401k program with company match
- Employer sponsorship for personal/professional development programs (the sky's the limit!)