In 2021, the global cryptocurrency and DeFi industry lost over $3B equivalent in crypto from hacks. The organization's Halborn advises on security matters have suffered 0 financially impacting incidents. Founded in 2019, Halborn was born to solve the slew of adversarial problems unique to the cryptocurrency industry including but not limited to breaches, social engineering, stolen private keys, and economic hacks. Halborn’s clientele are top 50 layer 1’s blockchain protocols, DeFi & NFT platforms, and major financial institutions globally.
Culture is a top priority in our 100% distributed, remote organization of 60+ elite security engineers. We value independence, learning, never before confronted challenges, and the ability to make big impacts in cutting-edge technologies.
About The Role
We are seeking a Cloud Security Engineer with a passion to build their knowledge in the blockchain ecosystem. They’ll be working with our Engineering team and Cloud infrastructure team.
* 5+ years of experience in IT Security Systems in a hybrid cloud environment
* Exposure to cloud security (public and private cloud)
* 5+ years experience in Azure/Aws/GCP
* Ability to pick up the cutting-edge technologies and delivery the best-security practice solution to the clients
* Experience in interpreting highly technical detail, performing security analysis, and providing security requirements and assurance within a cross-functional team
* Hands-on experience configuring security elements/controls within public cloud environments, e.g. IAM, Firewalls, Logging/Alerting, SIEM is desirable
* Attention to detail, thoroughness, deep ownership with great communication to peers and other key stakeholders to provide a great end-to-end security engineering service
* Experience to work with external clients and care about all security
* Certified Kubernetes Security Specialist ( CKS )
* AWS Certified Security - Specialty
- * Azure Security
* Bachelor’s Degree in a related field plus additional related college courses or professional training and four to seven years of progressively responsible, directly related, experience required.
* One or more security certifications or a CISSP certification would be ideal
* Knowledge of secure development principles and of DevSecOps
* Must have a thorough understanding of web protocols TCP/IP, UDP, HTTP, HTTPS, SSL, TLS, etc.
* Experience with at least one programming language (Go, Python, PHP, etc.).
* Experience with Git
* Experience with monitoring tools
* Knowledge of common vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
* Experience with microservice architecture
* Production experience with k8s and service mesh, logging, monitoring, etc
* Experience with Terraform/Ansible to manage Infrastructure/Configuration as code
* Experience with AWS and familiar with AWS services, components, and common architecture patterns. Nice to have experience with Azure, GCP, etc.
* Experience with CI/CD model and know how to secure the CI/CD
* Traffic and log analysis from a security perspective
* Familiar with OWASP/ SANS application vulnerabilities
- * Experience with Secure Code Reviews
Nice to have / Not Mandatory
- Experience working within the blockchain/cryptocurrency ecosystem
- Experience setting up node/validator infrastructure
All candidates who make it past 2nd round will be required to:
- Pass background and criminal record check
- Provide x3 relevant references