
Senior Offensive Security Specialist

External
Bullish · Hong Kong
Full-time · On-site · 2w ago
Agile, Android, Application Security, Blockchain, Cryptography, DNS

Responsibilities

  • Perform web application penetration testing, source code reviews, and/or cloud penetration testing.
  • Perform mobile and API penetration testing.
  • Support project tasks and deadlines for engineering teams spanning multiple time zones.
  • Create unique tools to assist in scaling the security program, from building custom automation for vulnerability discovery to developing novel attack simulation tools.
  • Perform red-teaming activities to further strengthen our security controls.
  • Exploit vulnerabilities found in Bullish systems and clearly communicate complex vulnerabilities to both technical and non-technical staff.
  • Create detailed technical reports explaining the technical and business risk of the vulnerabilities found, including actionable recommendations/considerations.
  • Provide technical leadership/mentorship to the security and engineering teams.
  • Write new tools and automation.
  • Perform reverse engineering.
  • Other duties as assigned.

Required skills and experience

  • 7+ years of relevant experience in cyber security.
  • Experience in performing senior-level penetration testing and application security assessments, conducting design code reviews, applying offensive security methodologies, and demonstrating high ethical standards.
  • Familiarity with attack tools such as Burp Suite, Nessus, Kali Linux and similar tools.
  • Knowledge of common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25.
  • Exposure to and understanding of various security assessment activities including Mobile application assessments (iOS and Android), Web Services API assessments (examples: REST, GraphQL and Message Queues), and hardware/embedded systems.
  • Basic proficiency in multiple mainstream programming languages such as C/C++, Java, JavaScript, Python, or Go.
  • Ability to effectively assess risks and severity and communicate vulnerability impact to management and engineering teams.
  • Solid understanding of network and protocol basics including IP, DNS, HTTP and SSL/TLS.
  • Familiarity with basic cryptographic concepts including PKI, cryptographic algorithms, and the application of cryptography for encryption at rest and in motion.

Benefits

Paid time off

Additional Information

About Bullish

Bullish is an institutionally focused global digital asset platform that provides market infrastructure and information services. These include:

  • Bullish Exchange - a regulated and institutionally focused digital assets spot and derivatives exchange, integrating a high-performance central limit order book matching engine with automated market making to provide deep and predictable liquidity. Bullish Exchange is regulated in Germany, Hong Kong, and Gibraltar.
  • CoinDesk Indices - a collection of tradable proprietary and single-asset benchmarks and indices that track the performance of digital assets for global institutions in the digital assets and traditional finance industries.
  • CoinDesk Data - a broad suite of digital assets market data and analytics, providing real-time insights into prices, trends, and market dynamics.
  • CoinDesk Insights - a digital asset media and events provider and operator of Coindesk.com, a digital media platform that covers news and insights about digital assets, the underlying markets, policy, and blockchain technology.

Reports to: Director, Offensive Security and Vulnerability Management

The Bullish Offensive Security and Vulnerability Management (OSVM) team provides Bullish Global with the capabilities to ensure that our products and services are secure and meet the security obligations expected by our customers and regulators. The OSVM team helps to secure all of Bullish Global, which includes the Bullish Exchange, CoinDesk.com, Consensus, and CoinDesk Data. The OSVM team regularly performs security assessments and penetration testing across a variety of technologies, source code reviews, vulnerability remediation support, automated security testing, security tool development, and red-teaming.

We are seeking a Senior Offensive Security Specialist to join our Offensive Security team to help secure Bullish Global.
In this exciting role, you will be a key player within an elite security team delivering industry-leading Crypto services. This role will work closely with product and engineering teams to deliver secure software. This work will include delivering a wide range of security capabilities across a modern technology stack. This role will also work closely with developers to diagnose, document, and remediate application vulnerabilities. The ideal candidate will be a mix of hacker, programmer and security enthusiast who has a special passion for the unique promise and challenge of a dynamic environment working with a variety of products and teams.

