Senior Security Engineer

The Cybersecurity and Data Privacy team operates under the leadership of Chief Information Security Officer (CISO) Jason Lau, who is an experienced cybersecurity professional with over 23+ years in the field. The team is responsible for various functions related to blockchain security, operational security, security governance, and compliance. Their focus is on maintaining a growth mindset and fostering an environment where everyone can reach their potential. The team has achieved numerous certifications, including ISO27001, ISO27701, ISO22301, and PCI:DSS 3.2.1 (Level 1).

Crypto.com is currently looking for a Senior Security Engineer to join their team and play a crucial role in securing their infrastructure. This position involves supporting the Cloud Security, Vulnerability Management, and Secure Configuration Management Programs.

Responsibilities:

• Implement, manage, and improve cloud security controls, native security controls, and container security controls.
• Build, maintain, and enhance policies and rules for cloud security and container security.
• Collaborate with the SIEM engineering team on cloud security logging and detection.
• Work with the SOC to develop cloud security response procedures and automated containment runbooks.
• Enhance cloud security logging, detection, and response processes.
• Manage and improve vulnerability management processes, including scanning for vulnerabilities and driving patching and remediation efforts.
• Review and analyze vulnerability alerts and advisories.
• Assist in the analysis and remediation of findings from internal and third-party vulnerability scans.
• Manage the company's baseline security configuration program for workstations and servers.
• Ensure timely delivery of compliance and regulatory reporting.
• Collaborate with the security compliance team to meet compliance requirements.
• Deliver on key risk indicators (KRIs) and key control indicators (KCIs) for vulnerability management, secure configuration management, and cloud security.

Requirements:

• Minimum 5 years of experience in information security.
• Minimum 3 years of experience in cloud security or vulnerability management.
• Familiarity with security frameworks such as CIS, NIST, and PCI DSS.
• Ability to articulate how vulnerabilities translate to cyber risks.
• Experience conducting security risk assessments.
• Knowledge of vulnerability management tools like Tenable, Qualys, InsightVM, and Tripwire CCM.
• Cloud experience with AWS and Azure.
• Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash.
• Information security certifications (CISSP, SANS GIAC, Security+) are a plus.
• Strong work ethic and a sense of ownership for results.
• Excellent communication skills in English, both spoken and written.

To learn more about the company and its benefits, please visit Crypto.com. Crypto.com is an equal opportunities employer that values diversity and inclusion. Personal data provided by applicants will be used for recruitment purposes only. Only shortlisted candidates will be contacted.