Liminal Custody Solutions is hiring a
Senior Application Security Engineer

Summary

Join Liminal as an Application Security Specialist to securely scale digital asset operations through HSM backed wallet architecture. Responsibilities include application security reviews, implementing security solutions, threat modeling, and more. Requires at least 5 years of experience in penetration testing, familiarity with AWS technologies, and a BS in Computer Science or related field.

Requirements

• At least 5 years of experience in the field of penetration testing
• Experience in Software Development
• Experience working with AWS technologies
• Familiarity with cloud security best practices
• Familiarity with common libraries, security controls, and common security flaws
• Deep understanding of Supply chain attacks
• Experience with OWASP, static/dynamic analysis, and common security tools
• Deep understanding of network and web related protocols (such a TCP/IP, UDP, TPSEC, HTTP, HTTPS, protocols)
• Experience in vulnerability management lifecycle
• Demonstrate strong written and verbal communication skills
• Understand full attack lifecycle
• BS (or equivalent) in Computer Science, Computer Engineering, or related field

Responsibilities

• Participate in application security reviews including security code review, architectural design review, and dynamic testing
• Implement security and cryptography solutions
• Detect design and logical vulnerabilities
• Build and maintain threat modeling framework
• Help Software Engineers in security best practices
• Own and perform application security vulnerability management
• Support the bug bounty program
• Facilitate and support the preparation of security releases
• Support and consult with Product and development teams in the area of application security
• Assist in the creation of security training for developers
• Assist in the development of automated security testing to validate that secure coding best practices are being used
• Assist in Pen-testing practices (purple teaming)
• Work with external pen testing firms to manage third-party assessments
• Own the Secure SDLC process
• Taking initiatives to curb known abusive activity, and identifying unknown abuse vectors
• Designing, researching, and executing attacks to challenge the blue team
• Reporting on the red team engagements providing in-depth analysis of the security issues
• Developing technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Writing comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Implementing security best practices and new ideas to encourage innovation within your team
• Making proposals across several teams on cross-functional security initiatives
• Keeping abreast of the latest developments in crypto, DeFi and blockchain to feed the company's strategic orientations
• Continually researching the current and emerging technologies and propose changes

Preferred Qualifications

• Experience in Digital Asset Wallets is a plus
• Experience submitting security issues in cryptocurrency wallets/exchanges’ bug bounty program is a plus
• OSCP, OSWE, GPEN or similar certification completion is a plus
• Understanding of applied cryptography

Benefits

Work for a company founded by Mahin Gupta, co-founder of ZebPay - one of India's largest crypto exchanges