Crypto.com Jobs

The Cybersecurity and Data Privacy team reports directly under the office of the CISO headed by Chief Information Security Officer (CISO) Jason Lau (https://www.linkedin.com/in/jasonciso/) who has over 23+ years of experience in the cybersecurity space, awarded Global Top 100 CISO, and also serves on the World Economic Forum, International Association of Privacy Professionals and more.

The team comprises of multiple functions from Blockchain Security, Operational Security, Security Governance and Compliance and more. We drive a culture of having a growth mindset and being humble to help everyone achieve their potential. Security and Data Privacy Compliance first strategy which has been at the core of our company. The security team helped to drive us to be the first Crypto company worldwide to achieve ISO27001, ISO27701, ISO22301 and PCI:DSS 3.2.1 (Level 1) certifications. Extremely detailed third party attested by international audit firm SGS and achieved "Adaptive (Tier 4)” – the highest level possible for the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework as well as SOC2 and many other regional certifications like the Data Protection Trust Mark.

Crypto.com is seeking an experienced Senior Security Engineer to be at the forefront of securing our infrastructure. This role has the direct responsibility for supporting the Cloud Security, Vulnerability Management and Secure Configuration Management Programs. 

Responsibilities

• Implement, manage and enhance cloud security controls - native cloud security controls, CSPM, CNAPP, container security controls, etc.
• Build, maintain, tune and enhance CSPM, CNAPP and container security rules and policies.
• Work with SIEM engineering on cloud security logging and cloud security threat detection use cases.
• Work with the SOC on cloud security response procedures and to implement automated containment runbooks.
• Improve cloud security logging, detection and response processes. 
• Manage and enhance the company’s vulnerability management lifecycle processes.
• Manage vulnerability and configuration scanning tools, setup vulnerability scanners, perform scheduled scans, tuning scanning profiles, etc.
• Review and triage vulnerability alerts/advisories to produce manageable reports for actionable next steps. 
• Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests
• Prepare security patch bundles for various types of endpoints (Windows, Linux, MacOS).
• Manage and enhance the company’s baseline security configuration program for workstations and servers. This involves maintaining and developing hardening standards and working with stakeholders to implement these standards across the organization.
• Ensure the timely delivery of compliance and regulatory reporting.
• Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill their needs
• Deliver on KRIs and KCIs for vulnerability management, secure configuration management and cloud security.

Requirements

• 5+ years of experience working in information security
• 3+ years of experience in cloud security or vulnerability management
• Knowledge of common security frameworks such as CIS, NIST, PCI DSS etc.
• Able to articulate how vulnerabilities translates to cyber-risks
• Experience conducting security risk assessments
• Experience of using vulnerability management tools like Tenable, Qualys, InsightVM, Tripwire CCM, etc.
• Cloud experience (AWS and Azure) is required.
• Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash is preferred.
• Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus.
• High work ethic and sense of ownership for the delivered results.
• Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required.

#LI-SF1

#LI-MidSenior

#LI-Hybrid

Life @ Crypto.com

Work Perks: crypto.com visa card provided upon joining 

Our Crypto.com benefits packages vary depending on region requirements, you can learn more from our talent acquisition team.

About Crypto.com:

Founded in 2016, Crypto.com serves more than 80 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem.

Learn more at https://crypto.com. 

Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team.