Application Security Engineer

Aquanow, a leading infrastructure and liquidity provider that provides institutional and enterprise application platforms for digital assets, This is a unique opportunity to work alongside a highly-experienced team and contribute to the development of a high-growth trading and technology company.

As Aquanow grows, so does the risk surrounding its cloud footprint. The Security team is responsible for building safeguards that allow our developers to move fast while minimizing risk, maintaining a secure software supply chain, and developing secure infrastructure patterns such that our applications run safely with a reduced blast radius.

If you want to have your name in the success story of a globalizing company, we look forward to receiving your application to the winning Aquanow team!

What You’ll Do :

Educate our engineering team on security best practices to curate a culture where everyone feels invested and responsible for building a secure product.

Champion security through code quality, new technologies, and architectural design.

• Partner with product teams to implement a secure-by-default design into their products.
• Consult with teams to ensure data is properly handled throughout our environment.
• Help drive the shift left movement within Aquanow by implementing tooling within our CI / CD pipelines (DevSecOps)
• Perform security assessments and audits of our infrastructure, identifying and mitigating security gaps and weaknesses.
• Responsible for the configuration and tuning of application security tooling, process and alerting.
• Responding to and validating Bug Bounty submissions.
• Serving as a liaison between Compliance and Engineering to ensure we are meeting our regulatory requirements.
• Keep up to date with the latest offensive security techniques, application security threats, and best practices, including recommending improvements to security posture.

You’ll Need to Have :

• 5+ years of experience in Application Security engineering, application security penetration testing, developing and implementing changes.
• You're familiar with our tech stack : Javascript, TypeScript, Node.js, GitHub (repositories and actions), AWS.
• Familiarity with OWASP Top 10, OWASP Secure Headers and OWASP standards like ASVS and MASVS.
• Have experience in authentication and authorization standards and protocols (SAML, Oauth, LDAP, AD, etc.)
• Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)

We’d Love to See :

• You wearing many hats and have a passion for tackling the broad security challenges that a fast-growing startup faces and you’ve done this a few times before for the last 5+ years in a highly compliant environments
• Experience in security techniques, with a focus on blockchain technology.

The Interview Process :

• Stage 1 : A 30-minute video call with the Security Manager
• Stage 2 : A 45-minutes technical deep dive with the members of the Security team
• Stage 3 : A 30-minute video call with the CTO and Co-Founder
7 days ago