Please submit your CV in English as a .pdf file
We are the Information Security team. We're the first line of defense against hackers and security flaws that may impact our trading operations and global client base. We manage threats and potential security risks through smart strategies, airtight policies, meticulous communication, and technical execution.
As a Security Engineer at Deriv, you'll perform penetration testing on our web applications and identify potential security issues. Your work will include developing, implementing, and integrating open-source security solutions, such as IDS and SIEM, and you will be in charge of monitoring and auditing Amazon Web Services system and service changes as well. You will also encourage security awareness throughout the organization via regular communication on security best practices and the latest online threats.
- Check our systems against the latest attacks, vulnerabilities, and mitigations.
- Identify attack vectors.
- Conduct security reviews of production infrastructure.
- Build security tools and processes for critical infrastructure monitoring, protection, and mitigation.
- Perform regular pentesting of our web applications.
- Monitor our automated security scripts and utilize them to identify threats.
- Manage our bug bounty program.
What you have
- Experience in using AWS security tools
- Experience in white-box security testing method
- Experience with web application security and testing, security monitoring, and intrusion detection
- Experience with fuzzing and finding validation edge cases
- Understanding of encryption fundamentals and the OWASP Top 10
- A good understanding of attacks and mitigations such as timing, injection (eg form parameter / SQL), side-channel, DoS, buffer overflows and DNS cache poisoning
- Ability to assess the security impact of bugs and API inconsistencies
- Familiarity with legacy and modern application architectures and related technologies (web applications, service-oriented architecture, microservices), network protocols, and storage and backup services
- Experience in writing custom code and scripts to investigate security threats
- A clear understanding of the OSI model, TCP / IP, and other industry-standard network defense concepts
- Knowledge of the latest industry trends and best practices in information security
- Exceptional English communication skills (both spoken and written)
- Knowledge of cloud-related risks and vulnerabilities
- Familiarity with security best practices for cloud workloads
- Firm grasp of security and disaster recovery measures
- Operational experience in bug bounty programs such as HackerOne, Bugcrowd, and Cobalt
- OSCP, eCCPT, Security +, CISSP, or any GIAC certification
What we'll give you
- Exciting work challenges
- Cooperative work environment
- Career advancement opportunities
- Market-based salary
- Annual performance bonus
- Health benefits
- Casual dress code
- Travel and internet allowances
- Support for improving English