CAREERS

About Bullish

Bullish is an institutionally focused global digital asset platform that provides market infrastructure and information services. These include: Bullish Exchange – a regulated and institutionally focused digital assets spot and derivatives exchange, integrating a high-performance central limit order book matching engine with automated market making to provide deep and predictable liquidity. Bullish Exchange is regulated in Germany, Hong Kong, and Gibraltar. CoinDesk Indices – a collection of tradable proprietary and single-asset benchmarks and indices that track the performance of digital assets for global institutions in the digital assets and traditional finance industries. CoinDesk Data - a broad suite of digital assets market data and analytics, providing real-time insights into prices, trends, and market dynamics. CoinDesk Insights – a digital asset media and events provider and operator of Coindesk.com, a digital media platform that covers news and insights about digital assets, the underlying markets, policy, and blockchain technology.

Reports to:

Director, Offensive Security and Vulnerability Management

The Cybersecurity Team requires a new team member specializing in supply chain security to support strategic objectives focusing on 3rd party risk and compliance requirements.

The position will focus on identifying risks in 3rd party products (software, SaaS services, etc.), maintaining Bullish and supplier software bill of materials (SBOMs), performing configuration reviews of services, and working with 3rd party vendors to document and manage emerging risks. This position will also focus on securing the Bullish product supply chain, helping to secure Bullish source code and our build and deployment toolchains.

Role & Responsibilities:

• Develop an industry leading supply chain security program focused on the detection, prevention and remediation of threats in the Bullish supply chain

• Design and execute comprehensive, continuous security assessments (including code reviews, design reviews, and secure configuration reviews) across all third-party software products and Bullish's internal build/deploy toolchain to manage transitive risk

• Implement guidelines and processes to facilitate the secure selection, procurement, and implementation of third-party services

• Perform risk assessments and work with operations teams to strengthen the Bullish build and deploy technology stack

• Develop automation around SBOM generation, maintenance, and the risk-prioritized triage/remediation of identified vulnerabilities

• Manage key offensive security tooling, including static analysis, software composition analysis, SBOM management, and Javascript analysis solutions. This includes the triage and management of any detected security weaknesses

• Assist with the orchestration of external penetration tests, when needed

• Stay updated with emerging supply chain security threats and industry trends to further grow the program

Experience & Qualifications:

• 5+ years experience in cybersecurity. Preferably in Application Security, Penetration Testing, or Cloud Security Engineering

• Operational DevOps experience (JIRA backlog management, ticket assignment, sprint management, etc.)

• Ability to read and understand code. Prefer basic level of knowledge in JavaScript, C++, Rust, Go, Python, and Java

• Must be comfortable writing code. Many tasks will require automation or custom coding

• Experience using AI/LLM to assist with performing tasks and development

• Hands-on experience in common DevOps/SecOps/DevSecOps and CI/CD technologies

• Self-starts. Autonomous and self-directed. Need someone that can operate with minimal oversight

• Basic understanding of Security frameworks such as ISO27001 and NIST CSF

• Bachelors of Computer Science degree, or equivalent, depending on experience

Bullish is proud to be an equal opportunity employer. We are fast evolving and striving towards being a globally-diverse community. With integrity at our core, our success is driven by a talented team of individuals and the different perspectives they are encouraged to bring to work every day.