Principal Security Engineer in London

Our client is a cybersecurity company that builds custody SaaS protocol for web3 apps. Their mission is to bring serenity to DeFi by eliminating new blockchain risks and making crypto transactions easier, faster, more affordable, and compliant with existing regulations.

You will contribute to one of the most ambitious technology projects in crypto today: building a trustless custody infrastructure for the trillion-dollar digital asset industry. You will join an amazing team of leaders and experts in a highly challenging and collaborative environment.

We are looking for a Principal Security Engineer to run security operations within our company. You will have to demonstrate excellent surveillance and emergency response skills. You will need a strong commitment to security rules and knowledge of all hazards and threats to safety. Ultimately, you will work to ensure the security of our business information, employee data and client information throughout our entire network.

As Principal Security Engineer, you will:

• Detect insecure features and malicious activities within our networks and infrastructure.
• Implement customized application security assessments for client-based asset risk and corporate policy compliance.
• Conduct vulnerability assessments.
• Have an advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
• Focus on assessing vulnerabilities and how those risks could be mitigated.
• Make things more secure by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data.

Your primary goal will be to create and preserve environments where employees, clients and assets are monitored, safe, and well-protected.

Your day-to-day projects will involve:

• Sharing the big picture to your team, defining the levels of priority within the product roadmap, and being accountable for the deadlines and the quality of production.
• Acting as a powerhouse of ideas on all security and technical issues.
• Determining security violations and inefficiencies by conducting periodic audits.
• Keeping customers updated via performance and system status reports.
• Analyzing security systems, researching weaknesses, reporting possible threats or software issues, and finding ways to counter them on a daily basis.
• Creating and maintaining artefacts in a protected repo established as a single source of truth.
• Finding and removing outdated and vulnerable code and code libraries.
• Building security tooling and automation for internal use that enable SecTeam to operate at high speed and at scale.
• Detecting and responding to company-wide security incidents.
• Running security forensics in the case of a cyber attack and/or a data leak.
• Identifying and mitigating complex security vulnerabilities before an attacker exploits them.
• Taking initiatives to curb known abusive activity, and identifying unknown abuse vectors.
• Focusing on designing, researching, and executing attacks to challenge the blue team.
• Reporting on the red team engagements providing in-depth analysis of the security issues.
• Developing technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Writing comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
• Authoring and updating internal and external docs, and formally initiating and delivering requirements.
• Facilitating cross-branch communication and know-how exchange between team members.
• Handling communications with independent vulnerability researchers and designing appropriate mitigation strategies for reported vulnerabilities.
• Implementing security best practices and new ideas to encourage innovation within your team.
• Working closely with CISO to embed best-in-class information security processes within the corporate policies, processes, and internal workflows.
• Making proposals across several teams on cross-functional security initiatives.
• Acting as DRI and escalation point for teams facing extremely complex technical challenges.
• Keeping abreast of the latest developments in crypto, DeFi and blockchain to feed the company's strategic orientations.
• Continually researching current and emerging technologies and propose changes.

Requirements:

• 10+ years experience as a Principal Security Engineer, 2+ years direct experience with incident response, and 2+ years experience in anti-abuse processes.
• Recognized security expert in multiple specialty areas, with cross-functional team experience.
• Ownership of significant sub-department objectives, goals and OKRs.
• Engineering expert capabilities of challenging the reasoning of other engineers.
• Experience in designing and securing APIs (RESTful, GraphQL, SWIFT).
• In-depth understanding of coding languages, namely Rust, Go, Python, and/or Typescript.
• Hands-on experience analyzing high volumes of logs, network data and attack artefacts.
• Proficiency with antivirus, vulnerability scanning and information security software.
• Detailed technical knowledge of database and operating system security.
• Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Experience with cloud platforms such as AWS, GCP, and setting up environments between them.
• Thorough understanding of the latest security principles, techniques, and protocols.
• Excellent knowledge of security procedures and relevant industry standards (ISO, SOC, etc.).
• Experience testing secure, fault-tolerant, and resilient systems.
• Excellent analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Humble, respectful, and very professional to others.
• Able to decide even in stressful, unstable situations.
• Appetite for Cybersecurity, Fintech, Blockchain and/or Crypto industries.

Benefits:

• Salary: K / year (avg base range).
• Equity: % M in case of 2B exit.
• Bonus: Peer and spot bonuses after 8 months with us.
• Location: Hybrid. You can either work in our offices, from home, or remote.
• Paid time off: No less than 30 days per year, plus national holidays.
• Employee benefits: Healthcare, life insurance, retirement plan, sponsored transportation, gym cards, food, Apple devices and home office equipment, tuition fee assistance, team retreats, and more.