Application Security Engineer

Job Description BitGo is the leading infrastructure provider of digital asset solutions, delivering custody, wallets, staking, trading, financing, and settlement services from regulated cold storage. Since our founding in 2013, we have focused on enabling our clients to securely navigate the digital asset space. With a global presence and multiple Trust companies, BitGo serves thousands of institutions, including many of the industry's top brands, exchanges, and platforms, and millions of retail investors worldwide. As the operational backbone of the digital economy, BitGo handles a significant portion of Bitcoin network transactions and is the largest independent digital asset custodian, and staking provider, in the world. For more information, visit www.bitgo.com. We are looking for a versatile Application Security Engineer to join the team to continue to mature the application security practices at BitGo. This exciting opportunity empowers you to ensure vulnerabilities are prevented, or detected as early as possible. You get the opportunity to make a real and meaningful difference. We want you to focus on quality over noise. Automation over manual work. Your work would take place during regular business hours working with the local team. From time to time evening meetings will be necessary. Responsibilities: - Assist in the development of automated security testing to validate that secure coding best practices are being used - Assist in the creation and delivery of secure development training - Participate in application security reviews and threat modeling, including secure code review, architectural design, and dynamic testing - Perform application security vulnerability management - Support the bug bounty program - Facilitate and support the preparation of secure releases - Support and consult with engineering teams in the area of application security and best practices - Drive security projects from ideation to requirements to implementation - Mature the security program through the use of the NIST CSF - Assist in any relevant incident response activities Skills & Experience: We are looking for teammates who share and practice our values: open communication, transparency, taking ownership, and a high level of craftsmanship. We are looking for coworkers who share our vision and mission: deliver trust in digital assets. Required: - 5+ years of experience with application security - 1-2 years of experience in software development and mobile security - Familiarity with common security libraries, security controls, and common security flaws. - Experience with OWASP, static/dynamic analysis, and common security tools - A basic understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, protocols) - Experience in vulnerability management lifecycle - Familiarity with cloud security controls and best practices - Experience working with developers - Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner - Preference for candidates who know some of the programming languages in use at BitGo - TypeScript, Go, Python, Java, Kotlin Why Join BitGo Disrupting an industry takes vision, innovation, passion, technical chops, drive to deliver, collaboration, and execution. Join a team of great people who strive for excellence and personify our corporate values of open communication, collaboration, accountability, craftsmanship, and a client first approach. We are looking for new colleagues who bring innovative ways of thinking and problem solving, and who want to be part of the team that changes the world's financial markets. Here are some of the benefits of working at BitGo: - Competitive salary - IT equipment support for work - Meal & Commute allowance - Medical Insurance - Attractive Well-being allowance (comprises of medical, wellness and fitness aspects) - Snacks: on-the-house in the Bangalore office - Great/Talented workforce to learn and grow with Note: This role requires working onsite (Monday to Friday) at the Bangalore office. Cryptocurrencies are the most disruptive change the financial services industry has seen in years. Join us and you'll be able to look back and say you were part of the team that transformed finance.