Interdax is building a 3rd generation digital asset exchange.
Our team comes from top HFTs and exchanges like Nasdaq and NYSE, as
well as from well-known firms in the blockchain space. We are a
well-funded project (8-figure sum) currently operating in stealth mode.
In this role you will ensure the security of our applications and
platform. From design to production, you will implement secure coding
and AppSec best practices across the SDLC, helping Product and
Engineering teams ship robust code as part of a distributed
microservices architecture. You will leverage your experience and
technical security expertise to prioritise and deliver world-class
solutions.
Responsibilities
- Perform hands-on security threat modeling, risk assessment, and vulnerability remediation
- Maintain, validate, and communicate the products' threat model, security properties, and trust model
- Evaluate, architect, implement, and support security-focused tools and services
- Conduct internal penetration testing, coordinating with external auditors
- Work with DevSecOps to improve the secure software development lifecycle
- Partner with Product/Engineering teams to define identity and access management, PKI and HSM implementations
- Perform continuous code audits
- Monitor the latest web application security developments and security trends to continually improve internal processes
- Educate software engineers on secure coding techniques and application security best practices
Requirements
- 7+ years of experience as a hands-on security engineer delivering mission-critical technology
- Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.
- Familiar with vulnerability management and penetration testing tools: NMAP, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, or Metasploit
- 5+ years of experience with identity and access management technologies (ABAC/RBAC, Multi Factor Authentication, FIDO U2F, etc.)
- Deep knowledge of AuthN/AuthZ protocols (OpenID Connect, OAuth, SAML)
- Familiarity with code analysis tools (SonarQube, Veracode, etc.)
- Proficiency with two or more of: JavaScript, Go, Python or C++
- BS, MS or PhD in computer science, or related security discipline, or equivalent work experience
Bonus points
- An interest in financial markets and cryptocurrencies
- Relevant industry certifications (CISSP, CISA, CISM, CRISC, ISO 27001 or similar)
- Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM)
- Familiarity with embedded systems security
Compensation and perks
- Competitive salary ($180k-$250k / year)
- Profit sharing (0.5 - 1.5%)
- Fully remote
- Flexible work hours
- Unlimited Vacation Policy
- Startup culture
- Team getaways