Bitso is hiring a

Web3 Staff Software Engineer - Security

<h3><span >

As a Staff Software Engineer you will take ownership of critical technical decisions, collaborating with the team to implement enhancements and ensure the highest quality in our systems. You will play a pivotal role in defining and delivering cutting-edge technical solutions, guiding and mentoring other engineers, and setting the technical direction and architecture of our applications.

Your deep understanding on cyber security makes not only your team stronger but the whole Bitso.

Reports To

Engineering Manager

Who You Are 

• Passionate about cryptocurrency.
• Possesses a high degree of responsibility, organization, and discipline.
• Exhibits exceptional attention to detail.
• Demonstrates 5+ years of staff software engineering experience, including leadership experience, including managing and mentoring technical and product-oriented teams.
• Displays exceptional oral and written communication skills, and can convey complex security concepts to diverse audiences, including technical and non-technical stakeholders.
• Possesses excellent time and project management skills, with a proven ability to lead complex security initiatives and deliver results within set deadlines.
• You've got large experience working with Java 8+
• Strong hands-on experience developing high scalable system designs and building proposed solutions with teams;
• Strong understanding and experience working with distributed systems;
• Strong hands-on experience implementing multi-factor authentication (MFA) solutions, including biometrics, one-time passwords (OTP), WebAuthn, FIDO2, and risk-based authentication.
• Strong hands-on experience with secure coding principles and best practices, such as those outlined in the OWASP Top 10 and SANS CWE Top 25.
• Strong hands-on experience with API security best practices, including OWASP API Security Top 10, secure authentication (e.g., JWT), rate limiting, input validation, etc.
• In-depth knowledge of authentication and authorization mechanisms, including OAuth 2.0, OpenID Connect, SAML, and RBAC/ABAC models.
• Strong understanding of encryption standards, hashing algorithms and key management best practices for securing sensitive data.
• Proficiency in threat modeling methodologies (e.g., STRIDE, DREAD, PASTA) to systematically identify, analyze, and mitigate potential attack vectors.
• Experience working with application security testing tools, including SAST, DAST, and SCA tools to proactively detect and remediate vulnerabilities.
• Familiarity with SIEMs, logging, and monitoring tools (e.g., Splunk, ELK).
• Familiarity with offensive security methods such as red teaming, penetration testing and vulnerability assessments.
• Experience with observability and monitoring tools (e.g., Splunk, Datadog).
• Experience working with Git and automated CI/CD tools.
• Available to work full-time.
• Proficient in English.

Nice to Have

The following qualifications are not mandatory but would be valuable:

• You know your way around Kubernetes, GRPC, and REST
• You've got knowledge or experience in the finance industry
• SSDLC related certifications (e.g. OSWE, CSSLP, GWEB, CASP). 
• Familiarity with laws governing the privacy and security of personal data (e.g., GDPR, CCPA).

What You Will Do 

• Architect Security Solutions: Design and implement scalable and security, high-impact improvements to our product that support rapid growth and high visibility.
• Deliver High-Performance Code: Produce efficient, high-performance code that scales to meet the demands of hundreds of thousands of daily users.
• Stay Hands-On: Maintain active involvement in coding, participating fully in the development process from start to finish.
• Conduct Quality Code Reviews: Perform thorough and respectful code reviews, maintaining the highest quality standards across the team.
• Champion Cyber Security Engineering Excellence: Advocate for best practices in engineering, cyber security by promoting efficiency, continuous improvement, innovation and security robustness.
• Foster Knowledge Sharing: Engage with the Bitso engineering community, contributing to knowledge sharing, innovation, and effective problem-solving.
• Cyber Security Maturity: Engage with the Bitso Cyber Security needs and evolutions while guiding the team and departments to deliver software with high standards of quality, security and reliability.

Your Team

You work with a team full of engineers that vary in seniority from medium to principal levels. You will have the opportunity to build the most secure parts of the systems in a very exciting and challenging environment.

<div class="content-conclusion">

Who We Are

With over 9 million users, Bitso is the leading cryptocurrency platform in Latin America. We are developing the cryptocurrency ecosystem in the region and enabling financial inclusion. We believe crypto is the future of finance, and we’re committed to making it useful by providing equal access to safe and intuitive financial products.

When we hire people for our team, we specifically test for the following traits in addition to our cultural values:

• Mission-Driven: We seek individuals who are passionate about crypto and Bitso’s mission and resilient in facing industry challenges

• High Sense of Urgency: We prioritize candidates who demonstrate a high sense of urgency and responsibility.

• Exceptional Hard Skills: We seek individuals who possess exceptional skills in their respective fields, with no room for mediocrity.

• Self-Management: We look for individuals who can independently manage their work, career, and professional development.

Compensation & Benefits

At Bitso, you are taking the front seat on the edge of crypto innovation, creating the next generation of crypto-powered products.

So for those willing to commit, adapt and pioneer the most important change of the century we offer:

• Me Time program, including unlimited paid time off.
• Remote-first work environment.
• Employee Stock Option program.
• Zero trading fees through our Bitso Alpha app.
• Extended Family Leave Policy: all birthing parents, non-birthing parents and adopting parents are eligible for a 4-months leave.
• Premium health, dental and life insurances in Mexico, Gibraltar, Colombia, USA, Brazil and Argentina.
• Monthly stipend for gym memberships, relaxation activities, sports equipment, cooking classes, books, entertainment and more.

Want to leave an undoubtedly legacy with us? Fasten your seatbelt and join this spaceship, where you will find exponential growth and the opportunity to thrive!

• These are the applicable requisites, although equivalent competencies in any of the above will also be considered.
• To see our Privacy Policy please click here.