Already in 2021, the global cryptocurrency and DeFi industry has lost over $500M from hacks. The organization's Halborn advises have suffered 0 financially impacting incidents.
Founded in 2019, Halborn was born to solve the slew of adversarial problems unique to the cryptocurrency industry including but not limited to breaches, social engineering, stolen private keys, and economic hacks.
Halborn’s clientele are the very best of the best blockchain companies as well as new startups with high growth potential.
Culture is a top priority in our 100% remote organization. Halborn is a globally distributed team of 25+, looking to grow our elite team of white hat hackers, security engineers and DevSecOps specialists who value independence, learning, big challenges and the ability to make big impacts in cutting edge technologies.
The right candidate will be offered a full-time salary and equity. Perks include unlimited vacation days, company laptop, and opportunities for travel.
Health Insurance is dependent on the applicant’s country of residence but readily available.
About the Role
We are seeking DevOps Engineer with a strong background in security principles.
Act as a liaison between Halborn account leads and Client development and executive teams.
Perform analysis of application architectures and security patterns.
Develop threat models in conjunction with architects and software engineering staff.
Implement security tooling and support common integrated development environments.
Participate and / or lead application vulnerability reviews and remediations.
Document and communicate application risks and vulnerabilities to technical stakeholders.
Develop and deliver Secure Developer Training and assists Dev teams with the various platforms we support, the candidate will also support tool operations for our platforms.
Supports CI / CD and build pipelines with an understanding of quality and security gates and enables integration of automated solutions to increase security.
Performs architectural reviews that are meant to identify and remedy architectural security flaws both as part of EARC sessions and in consulting engagements with dev teams
Identifies application security weaknesses and provides recommendations to correct them.
Provide risk assessments and data driven recommendations to management to increase or improve our security footprint.
Responsible for the use and operational maintenance of security-related systems and tools, actively works on tuning, enhancements, upgrades, and tool integrations.
Evaluates and promotes new and existing security standards, tools, and solutions with a focus on automation and securing build pipelines for a shift left approach.
One or more security certifications or a CISSP certification would be ideal
Knowledge of secure development principles and of DevSecOps
Must have strong knowledge in cloud application development.
Must have a thorough understanding of web protocols TCP / IP, UDP, HTTP, HTTPS, SSL, TLS, etc.
Protocol analysis and forensic analysis experience is a plus.
Experience with the following source code repositories is a plus : SVN, GIT, BitBucket.
Knowledge of common vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
Understanding of modern software engineering principles and practices as well as modern / Web 2.0 / 3.0 tools and frameworks.
Familiar with common frameworks, spanning frontend and backend (Angular, Bootstrap, Node, Struts, Spring, NET MVC, etc.).
Experience with RESTful web services and API's
Experience with Web Application Firewall (WAF).
Experience with micro service architecture
Experience with AWS and familiar with AWS services, components and common architecture patterns.
Familiar with AWS cloud architecture security.
Vendor SaaS and PaaS security products such as WhiteHat Sentinel
DevSecOps or DevOps experience and CI / CD model
Windows and / or Linux hardening techniques
Docker hardening techniques
Traffic and log analysis from a security perspective
Familiar OWASP / SANS application vulnerabilities
Experience with Secure Code Reviews
Experience with Web and Application servers such as IIS, Apache, Tomcat
Ability to travel when required.
Nice to Haves :
Experience professionally or casually learning about, working in, contributing to cryptocurrency / blockchain / bitcoin / ethereum related projects.
Experience in Node / Validator / Mining infrastructure
Experience in any sector of cybersecurity / information security / infosec
CISSP, CompTIA A+, Network+, Security+, or any relevant cybersecurity related certifications
All successful candidates who make it will be required to :
Pass background and criminal record check
Provide x3 relevant professional references
Our Commitment to Diversity
Halborn Inc is an Equal Opportunity Employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, education, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
and celebrates the diversity of its growing team.
We are unable to sponsor or take over sponsorship of employment Visa at this time.
Recruitment agencies and consultants may not submit resumes / CVs through this website or directly to managers. Halborn does not accept unsolicited agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with Halborn Inc.