This job board retrieves part of its jobs from: Toronto Jobs | Emplois Montréal | IT Jobs Canada

Jobs in Toronto & GTA for everyone!

To post a job, login or create an account |  Post a Job

   Jobs in toronto & gta   

New job offers published everyday for the diverse people of Toronto & GTA!

previous arrow
next arrow

Application Security Engineer


This is a Contract position in Halton Hills, ON posted September 30, 2021.

BitMEX is the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.

As the world’s most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD a day.

Role Overview The goal of the Application Security Engineer is to ensure that no code running in BitMEX’s environments is actively malicious or vulnerable to exploitation.

She or he achieves this by implementing a variety of security controls in the form of automated code scanning, security reviews, secure coding guidelines, implementation of secure by default services and libraries, and manual security testing.

The application security engineer works closely with the security detection and response and product engineering (PE) teams to implement application security controls and alerting for known attacks, and helps triage application security vulnerabilities that arise.

Key Responsibilities: Identify and mitigate application security threats against the BitMEX platform Participate in internal threat modelling exercises Collaborate closely with other teams to increase visibility and help mitigate appsec related threats to the product Provide clear, prescriptive guidance for teams implement security sensitive features and services Be a team player and someone that others feel comfortable approaching with appsec questions Skills, Traits & Competencies: 5 years of security industry experience, 2 years in an appsec role Strong software development skills with a background in some combination of Python, Ruby, Golang, NodeJS Strong understanding of common appsec controls, such as CSP, SRI, the same-origin policy, cookie security, etc Strong understanding and practical experience attacking web application vulnerabilities such as XSS, CSRF, XXE, SQLi, LFI/RFI, etc.