Senior Product Security Engineer

Summary

Join BitMEX, a leading global crypto derivatives exchange, as a multifaceted Security Engineer. This role blends Security and Product Engineering, focusing on redesigning, developing, and enhancing internal systems for security. You will be the key player in building and iterating on security components to meet customer and internal stakeholder needs, requiring strong secure coding and application security principles. The position involves designing, building, and launching security features and applications, collaborating with engineering teams on secure development and operations, and creating security architecture documentation. This role demands extensive experience in development and a deep understanding of security concepts.

Requirements

• 15+ years of overall experience including at least 8+ years in a developer role
• Ability to interpret and translate various business and technical requirements into operational actions
• Experience integrating with REST and Websocket APIs
• Knowledge of network security architecture concepts, including topology, protocols, components, and principles
• Relevant areas of expertise include network security, PKI, usable security, anti-abuse, cryptography, web application security, and memory corruption/sandboxing
• Familiarity with Kubernetes / Ansible / Chef, and with one or more programming language: Python, Golang, C, NodeJS
• Strong problem-solving skills and a confident communicator
• Ability to work independently and comfortably to tight schedules
• Have worked in a fast paced or fintech environment

Responsibilities

• Design, build and launch various security-related features and applications
• Work closely with engineering teams to define, adopt mitigations, and develop new solutions for secure development and operations
• Evaluate, prototype, implement, and support security-focused tools and services while maintaining a strong knowledge of current security threats and operational best practices
• Compose a set of security architecture documentation (e.g. principles, tender requirements, security test scopes/scripts, go-live criteria) that new projects can leverage