Senior Application Security
plan, coordinate and complete security engagements
3 weeks ago
CoinsPaid is an IT product crypto processing company. Currently, we are developing a unique cryptocurrency ecosystem around our main service and payment provider, CryptoProcessing.com.
We are a “remote-first” company: most of our employees work remotely, which does not prevent us from maintaining and strengthening the team spirit, mutual support, and willingness to help.
At CoinsPaid we are passionate about crypto, tech, and product development quality. If these feel close to you - give us a shout!
- Manage and contribute to planning, coordination and successful completion of security engagements
- Lead and coordinate Security Audits for ongoing projects (Architecture, Process, Risk, Testing, etc.)
- Work as a Security Consultant helping to establish secure development activities in SDLC end-to-end, be able to provide clarifications related to security in development
- Perform Application Security Trainings for Development Teams
- Contribute to building Secure Architecture and Design for the projects
- Communicate with teams, be able to convey the importance of a Secure Software Development Life Cycle and the ways of establishing it
- Cooperate with all sub-teams: BAs, Developers, QAs; build a consistent understanding of Security Requirements, main Threats, and implemented Mitigations
- Define security requirements
- Define security tools and associated security checks
- Define security test strategy
- Create initial cybersecurity requirements and include them in the Product Backlog
- Review secure coding rules
- Produce user documentation for cybersecurity features
- Perform review of all security testing defects and address them to the project team
- Enforce the fixing of security defects
- Conduct a Final Security Review (FSR) to ensure completion of all SDL elements
- At least 3 years of practical proven experience in penetration testing
- 3+ years of professional experience in the field of Software Development
- Ability to perform evaluation of application requirements, processes, technologies
- Experience with different exploitation tools and frameworks (Metasploit, BeEF, sqlmap, etc.)
- Ability to resolve technical problems when required
- Ability to develop custom scripts needed for specific assessment purposes (Python, bash, PowerShell)
- Ability to develop scripts for automating security checks
- Ability to explain assessment results to technical and non-technical personnel
- Experience in security testing of Web Applications (GoLang, PHP)
- Experience in security testing of Web Services (SOAP, RESTful)
- Understanding of at least one Security Development methodology (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM, etc.)
- Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Threat Modeling, Security Code Review
- Understanding of security threats, their classification
- Understanding of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS etc.) and how they match the general classification
- Understanding of main security concepts and principles
Nice to have:
- Previous experience as a software engineer, or knowledge of software development methodologies is desired, but not mandatory
- Ability to develop, implement and guide the security assessment process on the project
- Experience in security testing of Mobile Applications (iOS, Android, Windows Mobile)
- Familiarity with the tools for various security activities: Static Code Analysis, Pen Testing
- Experience in security architecture and design reviews
- Experience in threat modeling
- Experience in SAST (static code analysis, manual code reviews)
Why should you choose us?
CoinsPaid is a rapidly developing company looking for new talent to join a solid team that values every member and is ready to give them an exciting working experience in the fast-moving cryptocurrency industry. The company welcomes everyone willing to become a part of a digital payments market where CoinsPaid features as one of the market leaders.
CoinsPaid is a leading crypto-financial ecosystem that helps 800+ online businesses accept Bitcoin and other cryptocurrencies. Our ecosystem includes all services that a business needs to accept crypto, from a payment gateway to an OTC exchange. This year CoinsPaid processed transactions amounting to $5,35 billion in value. We have launched a $CPD token to bridge the E-commerce market with DeFi Tools.
Today, CoinsPaid boasts several key accomplishments:
- The leading crypto payments provider.
- Company age: 8 years (since 2014).
- Team: 200 employees.
- 7% of all on-chain BTC transactions are processed by CoinsPaid.
- Over 13 million crypto transactions (as of October 2021).
- AIBC Summit Awards: Payment Provider of the Year.
- 1st crypto gateway to pass 2 security audits (Kaspersky Labs & 10Guards).
CoinsPaid has already set its goals for the year 2023 which will include the expansion to new markets in emerging countries and regions like Latin America and the Middle East, the launch of a new E-commerce brand, and a cryptocurrency wallet. The company will also launch a new structural division that will focus on the development of SaaS products. Additionally, CoinsPaid will continue to develop and promote the previously released products like the CPD token.