Security Engineer

Information Security Engineer

Description

SUKU is seeking an Information Security Engineer specializing in web application security and

hands-on security architecture for our agile blockchain startup. You'll work closely with our

CTO and tech team to establish and uphold security standards across various technologies,

contributing to the development of mobile apps, web apps, and blockchain solutions. This

role is pivotal in implementing and managing advanced security measures to protect our

organization's infrastructure from evolving cyber threats.

Responsibilities

• Web Application Security : Assess and enhance the security posture of web

applications by leading the design and implementation of security enhancements,

architectural reviews, and security best practices.

the latest financial technology. Support our development team implementing

payment applications, money transferring services, and cryptocurrency apps.

and existing systems, ensuring alignment with industry standards, regulatory

requirements, and security frameworks.

manage SIEM solutions to monitor and analyze security events across the enterprise.

Develop and fine-tune correlation rules, alerts, and dashboards to detect and

respond to security incidents effectively.

systems and applications. Ensure logs are collected, aggregated, and analyzed to

identify anomalies and potential security breaches.

penetration tests on networks, systems, and applications. Analyze findings, prioritize

risks, and collaborate with IT teams to remediate vulnerabilities promptly.

containment, eradication, and recovery. Develop and maintain incident response

playbooks and conduct post-incident analyses to improve future responses.

evidence of compliance with security policies and frameworks. Participate in the

development and enforcement of security policies, procedures, and standards.

Requirements

security engineering, with a focus on SIEM management, vulnerability assessments,

and incident response.

intrusion detection / prevention systems, endpoint protection, and encryption

methods. Proficiency in scripting languages (e.g., Python) for automation purposes.

IBM QRadar, or Elastic Stack (ELK).

but not limited to online banking software, money transmitter services, etc.

as ISO 27001, NIST, GDPR, and HIPAA.

Miscellaneous

"Web Application Security" . Our applications are written in TypeScript and require web application security assessments and scanning.

They could not talk about common vulnerabilities for web applications, e.g. OWASP Top 10

To summarize, we need someone who knows how to secure financial web applications, this includes knowledge about web vulnerabilities and financial transactions, ideally crypto transactions.

I realize that the profile I shared may not put enough emphasis on this.

Santiago is a very well experienced security engineer with a lot of knowledge on the infrastructure side. My critique was mainly around :

$1B losses just in the past couple of weeks, e.g. ByBit, I consider awareness of those things in the industry crucial for this role

Now, I realize this is a very unique skillset that requires a mix of security, web application, and blockchain / crypto knowledge but my questions are basic. We need someone with this mix to make sure our application is secure. This is crucial to our business, we cannot compromise when it comes to security.