Senior Security Engineer

Crypto.com

Crypto.com

Software Engineering
hong kong
Posted on Monday, December 4, 2023
The Cybersecurity and Data Privacy team reports directly under the office of the CISO headed by Chief Information Security Officer (CISO) Jason Lau (https://www.linkedin.com/in/jasonciso/) who has over 23+ years of experience in the cybersecurity space, awarded Global Top 100 CISO, and also serves on the World Economic Forum, International Association of Privacy Professionals and more. The team comprises of multiple functions from Blockchain Security, Operational Security, Security Governance and Compliance and more. We drive a culture of having a growth mindset and being humble to help everyone achieve their potential. Security and Data Privacy Compliance first strategy which has been at the core of our company. The security team helped to drive us to be the first Crypto company worldwide to achieve ISO27001, ISO27701, ISO22301 and PCI:DSS 3.2.1 (Level 1) certifications. Extremely detailed third party attested by international audit firm SGS and achieved "Adaptive (Tier 4)" – the highest level possible for the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework as well as SOC2 and many other regional certifications like the Data Protection Trust Mark.
Crypto.com is seeking an experienced Senior Security Engineer to be at the forefront of securing our infrastructure. This role has the direct responsibility for supporting the Cloud Security, Vulnerability Management and Secure Configuration Management Programs.
The Senior Security Engineer will support the improvement of the company’s cloud security posture primarily through the implementation & enhancement of native security controls across the organization’s cloud environments; the enforcement of configuration hardening & security compliance through cloud security posture management; and the implementation & enhancement of container security controls. The Senior Security Engineer will also contribute to cloud security logging, detection and response initiatives.
The Senior Security Engineer will also support the company’s vulnerability and configuration management programs primarily through vulnerability lifecycle management - including advisory, scanning and reporting of vulnerabilities, and working with stakeholders to drive patching & remediation; and through the secure configuration management of the company’s workstations and servers.

Responsibilities

  • Implement, manage and enhance cloud security controls - native cloud security controls, CSPM, CNAPP, container security controls, etc.
  • Build, maintain, tune and enhance CSPM, CNAPP and container security rules and policies.
  • Work with SIEM engineering on cloud security logging and cloud security threat detection use cases.
  • Work with the SOC on cloud security response procedures and to implement automated containment runbooks.
  • Improve cloud security logging, detection and response processes.
  • Manage and enhance the company’s vulnerability management lifecycle processes.
  • Manage vulnerability and configuration scanning tools, setup vulnerability scanners, perform scheduled scans, tuning scanning profiles, etc.
  • Review and triage vulnerability alerts/advisories to produce manageable reports for actionable next steps.
  • Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests
  • Prepare security patch bundles for various types of endpoints (Windows, Linux, MacOS).
  • Manage and enhance the company’s baseline security configuration program for workstations and servers. This involves maintaining and developing hardening standards and working with stakeholders to implement these standards across the organization.
  • Ensure the timely delivery of compliance and regulatory reporting.
  • Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill their needs
  • Deliver on KRIs and KCIs for vulnerability management, secure configuration management and cloud security.

Requirements

  • 7+ years of experience working in information security
  • 5+ years of experience in cloud security or vulnerability management
  • Cloud experience (AWS and Azure) in administrative management, policy management, platform management, cloud security controls management and DevOps integration is required.
  • Coding, scripting, automation in GitHub and familiarity with Infrastructure as Code (IaC) in AWS/Azure will be an advantage.
  • Knowledge of common security frameworks such as CIS, NIST, PCI DSS etc.
  • Able to articulate how vulnerabilities translates to cyber-risks
  • Experience conducting security risk assessments
  • Experience of using vulnerability management tools like Tenable, Qualys, InsightVM, Tripwire CCM, etc. Familiarity with Qualys will be an advantage.
  • Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash is preferred.
  • Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus.
  • High work ethic and sense of ownership for the delivered results.
  • Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required.
#LI-SF1
#LI-MidSenior
#LI-Hybrid
Life @ Crypto.com
Empowered to think big. Try new opportunities while working with a talented, ambitious and supportive team.
Transformational and proactive working environment. Elevate employees to find thoughtful and innovative solutions.
Growth from within. We help to develop new skill-sets that would impact the shaping of your personal and professional growth.
Work Culture. Our colleagues are some of the best in the industry; we are all here to help and support one another.
One cohesive team. Engage stakeholders to achieve our ultimate goal - Cryptocurrency in every wallet.
Are you ready to kickstart your future with us?
Benefits
Competitive salary
Medical insurance package with extended coverage to dependents
Attractive annual leave entitlement including: birthday, work anniversary
Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up
Aspire career alternatives through us. Our internal mobility program can offer employees a diverse scope.
Work Perks: crypto.com visa card provided upon joining
Our Crypto.com benefits packages vary depending on region requirements, you can learn more from our talent acquisition team.
About Crypto.com:
Founded in 2016, Crypto.com serves more than 80 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem.
Learn more at https://crypto.com.
Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team.
Personal data provided by applicants will be used for recruitment purposes only.
Please note that only shortlisted candidates will be contacted.