Senior Security Engineer

Job updated 4 months ago

Job Description

The Cybersecurity and Data Privacy team reports directly under the office of the CISO headed by Chief Information Security Officer (CISO) Jason Lau (https://www.linkedin.com/in/jasonciso/) who has over 23+ years of experience in the cybersecurity space, awarded Global Top 100 CISO, and also serves on the World Economic Forum, International Association of Privacy Professionals and more.
The team comprises of multiple functions from Blockchain Security, Operational Security, Security Governance and Compliance and more. We drive a culture of having a growth mindset and being humble to help everyone achieve their potential. Security and Data Privacy Compliance first strategy which has been at the core of our company. The security team helped to drive us to be the first Crypto company worldwide to achieve ISO27001, ISO27701, ISO22301 and PCI:DSS 3.2.1 (Level 1) certifications. Extremely detailed third party attested by international audit firm SGS and achieved "Adaptive (Tier 4)” – the highest level possible for the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework as well as SOC2 and many other regional certifications like the Data Protection Trust Mark.

Requirements

  • Implement, manage and enhance cloud security controls - native cloud security controls, CSPM, CNAPP, container security controls, etc.
  • Build, maintain, tune and enhance CSPM, CNAPP and container security rules and policies.
  • Work with SIEM engineering on cloud security logging and cloud security threat detection use cases.
  • Work with the SOC on cloud security response procedures and to implement automated containment runbooks.
  • Improve cloud security logging, detection and response processes.
  • Manage and enhance the company’s vulnerability management lifecycle processes.
  • Manage vulnerability and configuration scanning tools, setup vulnerability scanners, perform scheduled scans, tuning scanning profiles, etc.
  • Review and triage vulnerability alerts/advisories to produce manageable reports for actionable next steps.
  • Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests
  • Prepare security patch bundles for various types of endpoints (Windows, Linux, MacOS).
  • Manage and enhance the company’s baseline security configuration program for workstations and servers. This involves maintaining and developing hardening standards and working with stakeholders to implement these standards across the organization.
  • Ensure the timely delivery of compliance and regulatory reporting.
  • Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill their needs
  • Deliver on KRIs and KCIs for vulnerability management, secure configuration management and cloud security.

Interview process

  • 7+ years of experience working in information security
  • 5+ years of experience in cloud security or vulnerability management
  • Cloud experience (AWS and Azure) in administrative management, policy management, platform management, cloud security controls management and DevOps integration is required.
  • Coding, scripting, automation in GitHub and familiarity with Infrastructure as Code (IaC) in AWS/Azure will be an advantage.
  • Knowledge of common security frameworks such as CIS, NIST, PCI DSS etc.
  • Able to articulate how vulnerabilities translates to cyber-risks
  • Experience conducting security risk assessments
  • Experience of using vulnerability management tools like Tenable, Qualys, InsightVM, Tripwire CCM, etc. Familiarity with Qualys will be an advantage.
  • Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash is preferred.
  • Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus.
  • High work ethic and sense of ownership for the delivered results.
  • Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required.
1
No requirement for relevant working experience
1,000,000 ~ 1,600,000 TWD / year
100% Remote Work
Personal Invitation Link
This is your personal referral link for job invitation. You'll receive an email notification when someone applied for the position via your job link.
Share this job
Logo of Crypto.com.
Crypto.com
Blockchain
1001 - 5000 people

About us

總覽


About Crypto.com: Founded in 2016, Crypto.com serves more than 80 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem. Learn more at https://crypto.com.

Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team.

Personal data provided by applicants will be used for recruitment purposes only. Please note that only shortlisted candidates will be contacted.



Jobs

Full-time
Mid-Senior level
2
1M ~ 2M TWD / year
Save

Full-time
Mid-Senior level
1
950K ~ 1.1M TWD / year
Save