The Cybersecurity and Data Privacy team reports directly under the office of the CISO headed by Chief Information Security Officer (CISO) Jason Lau (https://www.linkedin.com/in/jasonciso/) who has over 23+ years of experience in the cybersecurity space, awarded Global Top 100 CISO, and also serves on the World Economic Forum, International Association of Privacy Professionals and more.
The team comprises of multiple functions from Blockchain Security, Operational Security, Security Governance and Compliance and more. We drive a culture of having a growth mindset and being humble to help everyone achieve their potential. Security and Data Privacy Compliance first strategy which has been at the core of our company. The security team helped to drive us to be the first Crypto company worldwide to achieve ISO27001, ISO27701, ISO22301 and PCI:DSS 3.2.1 (Level 1) certifications. Extremely detailed third party attested by international audit firm SGS and achieved "Adaptive (Tier 4)” – the highest level possible for the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework as well as SOC2 and many other regional certifications like the Data Protection Trust Mark.

• Implement, manage and enhance cloud security controls - native cloud security controls, CSPM, CNAPP, container security controls, etc.
• Build, maintain, tune and enhance CSPM, CNAPP and container security rules and policies.
• Work with SIEM engineering on cloud security logging and cloud security threat detection use cases.
• Work with the SOC on cloud security response procedures and to implement automated containment runbooks.
• Improve cloud security logging, detection and response processes.
• Manage and enhance the company’s vulnerability management lifecycle processes.
• Manage vulnerability and configuration scanning tools, setup vulnerability scanners, perform scheduled scans, tuning scanning profiles, etc.
• Review and triage vulnerability alerts/advisories to produce manageable reports for actionable next steps.
• Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests
• Prepare security patch bundles for various types of endpoints (Windows, Linux, MacOS).
• Manage and enhance the company’s baseline security configuration program for workstations and servers. This involves maintaining and developing hardening standards and working with stakeholders to implement these standards across the organization.
• Ensure the timely delivery of compliance and regulatory reporting.
• Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill their needs
• Deliver on KRIs and KCIs for vulnerability management, secure configuration management and cloud security.

• 7+ years of experience working in information security
• 5+ years of experience in cloud security or vulnerability management
• Cloud experience (AWS and Azure) in administrative management, policy management, platform management, cloud security controls management and DevOps integration is required.
• Coding, scripting, automation in GitHub and familiarity with Infrastructure as Code (IaC) in AWS/Azure will be an advantage.
• Knowledge of common security frameworks such as CIS, NIST, PCI DSS etc.
• Able to articulate how vulnerabilities translates to cyber-risks
• Experience conducting security risk assessments
• Experience of using vulnerability management tools like Tenable, Qualys, InsightVM, Tripwire CCM, etc. Familiarity with Qualys will be an advantage.
• Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash is preferred.
• Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus.
• High work ethic and sense of ownership for the delivered results.
• Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required.