Binaryx is a digital asset exchange that enables buying, exchanging, and storing cryptocurrencies and other digital assets. With offices in Estonia and Ukraine, Binaryx is building a new-generation financial ecosystem with asset tokenization at the center of its focus.
August 25, 2021

Software Security Engineer (vacancy inactive)

Kyiv, remote $2000–6000

Responsibilities:
• Implement Secure SDLC
• Test, triage, review, and provide recommendations for found vulnerabilities

Skills and Qualifications:
• Passionate about security and willing to learn, unlearn and relearn if necessary
• Security background (University, relevant prior employment, community activities, CTF)
• Solid understanding of how the web works, Web Application Security concepts, exploits, and threat prevention
• Hands-on experience with assessment tools: IDA, GDB, Burp, JEB, scripting (Python), assessment automation tools (fuzzing, scanning)
• Reverse engineering experience of mobile/web/desktop apps
• Knowledge of how to make security an integral part of the CI/CD pipeline
• Prior experience in Secure SDLC
• Practical experience with white-, grey-, or black-box software penetration testing
• Understanding how to develop secure system design and secure coding recommendations
• Basic knowledge of programming languages (Python/JS/Java/Go) and experience of scripting
• Knowledge of the most common threat implementations (e.g. XSS, SQL Injection, XSRF, buffer overflow, brute force, rainbow tables, DoS, etc.) and how they map to the general classification
• Practical experience with Amazon AWS security hardening
• Certifications in Security, Cloud, etc. will be an advantage

Will be a plus:
• Be a critical thinker and have problem-solving skills
• Good communicator with a bias towards honesty and transparency
• One or more certifications such as GXPN, OSCP, OSCE, CEH
• Awareness of security-related standards and best practices (OSSTMM, OWASP, PTES, NSA Vulnerability, and Penetration Testing Standards)
• Familiarity with network and web application protocols (HTTP, HTTPS, TCP/IP, SAML 2.0, OAuth 2.0, REST APIs, etc.)
• Familiarity with OWASP/NIST guidelines
• Familiar with modern DevOps practices and tools
• Experience in bug bounties, speaking at conferences, blogging, etc. is highly desirable

We offer:
• Competitive salary and annual review
• Guaranteed vacation and paid sick leave
• Opportunities for self-improvement and professional growth programs (paid courses, training, conferences)
• Modern office with a recreational area, convenient location, parking, and Apple MacBook equipment provided. Office located near Vasilkivska subway station in Kyiv, or remote cooperation
• Relocation support for candidates from other cities/countries