AppSec Engineer

Are you passionate about securing cutting-edge applications in the fast-paced world of cryptocurrency? Want to work with a talented team, enhancing security and protecting valuable assets in a growing digital landscape? If so, we’d love to have you on board! As an Application Security Engineer, you’ll be responsible for ensuring the safety and security of our crypto-related applications, working closely with cross-functional teams to develop and implement best practices in application security. Responsibilities: Collaborate with development and DevOps teams to address security issues in the software development lifecycle. Conduct security architectural reviews, set security requirements, and ensure new features meet security standards. Create and update security policies, standards, and procedures related to secure development. Identify and mitigate risks associated with application infrastructure, implementing effective security measures. Research and improve methods for detecting security threats in the cryptocurrency industry, proposing strategies to counteract them. Design DevSecOps solutions, onboard and configure AppSec tools (DAST, SAST). Participate in Patch and Vulnerability Management processes, assessing security vulnerabilities in applications and infrastructure. Develop security practices for designing secure APIs. Stay updated on modern approaches to securing crypto-asset applications. Requirements: A degree in a relevant field, such as Information Security or Computer Science. 2+ years of experience in Application Security. Proficiency in reading and understanding Bash, Python, and Go code, with the ability to identify security flaws. Knowledge of common security vulnerabilities and protection methods. Hands-on experience with security tools (SAST, DAST, SIEM, WAF, Anti-DDoS, Vulnerability Management). Familiarity with security standards and frameworks (NIST, MITRE, ISO 27k, PCI-DSS, OWASP ASVS, OWASP Top 10, OWASP SAMM). Understanding of containerization and orchestration security (Docker, K8s). Technical knowledge of Blockchain and cryptography, as well as best practices in securing corporate information systems (Zero Trust, 2FA/MFA, Principle of Least Privilege). Proficiency in technical English, for understanding documentation and communicating with international standards. Nice-to-Have: Experience with API security testing. Understanding of SSDLC and DevSecOps processes. Relevant certifications (BSCP, OSWE, OSCP). Active profile on security learning platforms (e.g., HackTheBox). Participation in CTF competitions. What We Offer: Fully remote position — work from anywhere! 28 days of paid vacation and fully paid sick leave. Competitive salary in USDT. Opportunity to work in a fast-growing and innovative cryptocurrency company