Senior Offensive Security Engineer

Senior Offensive Security Engineer

Hong Kong

BitMEX stands as a globally leading exchange for crypto derivatives, offering traders a professional-grade trading platform. Since its inception in 2014, BitMEX has maintained an impeccable security record with "no coin lost, ever!". Our platform caters to cryptocurrency derivatives traders by providing low latency, deep liquidity, and maximum availability. Currently, BitMEX offers more than 100 derivatives contracts, 16 pairs for spot trading, and an easy covert function between 30+ different cryptocurrencies. In 2015, BitMEX revolutionised the market by inventing the Perpetual Swap, which has since become the most widely traded crypto product. Demonstrating a commitment to transparency, since 2021, BitMEX has been among the first exchanges to regularly publish its on-chain Proof of Reserves and Proof of Liabilities, ensuring that the funds available exceed the total client balances.

Overview

This is an opportunity for an intermediate/senior level Offensive Security Professional to join our Product Security team. As an experienced researcher you will help maintain critical security systems within our architecture, as well as assisting the wider engineering and devops practices with their activities. In Product Security our mission is to continuously improve the security posture of BitMEX from the inside, and we are looking for someone capable and flexible who can work with our excellent staff on that mission!

A crypto trading exchange is a security environment that is fairly rare in the infosec industry: we regularly get attacked by nation-state APT groups, we have continuous attempts by everyone from script kiddies to our own users trying to find ways to illegitimately extract money from us, and we protect vast amounts of crypto. All at the same time having a software stack that requires extreme uptime, minimal latency, and absolute accuracy in how it takes and processes orders. If you want to help protect an environment where the threats are very real and continuous, this is the job for you. We will check that you are not from the DPRK, be warned; it would not be the first (or second, or third) time.

Key Responsibilities

• Manage our bug bounty program, reviewing reports, engaging with researchers and cooperating with software engineering to fix bugs
• Reviewing the outcomes of external penetration tests, replicating issues and again, working with engineering to fix findings
• Conducting internal penetration tests on our software and infrastructure stack
• Red and purple team exercises to test our monitoring
• Security research & threat intelligence, working with security response
• Application security & code reviews, internal training of engineers
• Being part of incidents to help triage and investigate issues

Qualifications

• 5+ Years in Information Security.
• Proven expertise in offensive security either through certifications, recognition, or referees.
• Experience performing threat modeling and risk assessments on complex applications and system architectures.
• Strong communication skills and work ethic: contribute actively to the company and become 'known'
• Candidates with less experience will be considered for an Offensive Security Engineer position.

Nice to have

• Experience with Kubernetes, Istio, Envoy and the AWS cloud platform would be useful. Advanced skills in these (and affiliated technologies) are a bonus but not required.
• Experience with GitHub CI/CD / Actions and/or ArgoCD is a bonus but not required
• Experience with derivatives and cryptocurrency is a bonus but not required.
• Development expertise in Go is a bonus but not required

BitMEX offers a dynamic environment that blends intense work, a vibrant culture, and diversity. We actively recruit across time zones to meet growing demands and attract top global talent. We're seeking determined, responsible, and collaborative individuals to join us in building a leading cryptocurrency ecosystem. We value meticulousness, agility, and simplicity. As a 24/7 global exchange, we look for adaptable team players who can excel in a diverse, cross-market environment.

In addition, we offer an industry leading benefits package to our permanent employees. Here's a peek into what we offer:

• Work from home to help you find the perfect balance between work, family and personal life
• 25 days of annual leave, on top of public holidays, as well as maternity, paternity and childcare leave… etc to accommodate your growing responsibilities
• A top tier & comprehensive medical, dental and vision policy for you and your dependents
• Professional development allowance to support your career advancement
• Access to our annual wellness benefits to cultivate your physical and mental growth
• Don't forget the advantage of our Beyond Border Remote Working policy, where you get to work away from your home country
• Team building & offsite events to bring our global team closer
• Life insurance coverage to provide a safety net for your family's future