Blockchain technology is powering a growing wave of innovation. Businesses and
governments around the world are using blockchains to make banking more
efficient, connect with their customers, and investigate criminal cases. As
adoption of blockchain technology grows, more and more organizations seek
access to all this ecosystem has to offer. That's where Chainalysis comes in.
We provide complete knowledge of what's happening on blockchains through our
data, services, and solutions. With Chainalysis, organizations can navigate
blockchains safely and with confidence.
Chainalysis is seeking a dynamic and passionate Application Security Engineer
with experience to join our cutting-edge team. As a trailblazer in blockchain
forensics, we require a candidate with a strong understanding of application
security principles, excellent communication skills, and the ability to
collaborate with various stakeholders. A background in software development is
valuable. In this crucial role, you will safeguard our organization's critical
data and applications within cloud and application environments, contributing
to the advancement of our innovative blockchain solutions.
Key Responsibilities:
- Proactively identify, assess, and prioritize security issues in cloud and
  application environments, managing remediation processes
- Collaborate with development teams to integrate security best practices
  throughout the application development life cycle
- Manage and optimize application security tools, such as JFrog Xray,
  SonarCloud, and Burp Suite, ensuring alignment with organizational
  security requirements and best practices
- Develop and maintain Software Bill of Materials (SBOMs) for
  applications, ensuring accurate tracking of software components and their
  dependencies, and perform Software Composition Analysis (SCA) on the
  SBOMs to identify and address potential security vulnerabilities, license
  compliance issues, and outdated dependencies
- Implement and manage security workflows and processes, focusing on
  application security testing to maintain a secure and compliant ecosystem
- Develop and maintain meaningful security metrics for application security
  tools and testing, evaluating effectiveness and alignment with
  organizational security requirements and best practices
- Provide support to internal users of security tools, promptly responding
  to Jira tickets assigned to the security team, ensuring effective
  collaboration and addressing security-related concerns
- Conduct security assessments and penetration testing on applications and
  systems to identify and address vulnerabilities
- Develop and maintain security policies, procedures, and standards to
  ensure compliance with regulatory and industry requirements
- Perform comprehensive security reviews of applications hosted on AWS by
  threat modeling, identifying potential vulnerabilities, and providing
  remediation strategies
- Design, develop, and implement security automation using AWS security
  services and third-party tools to automate the security review process for
  applications hosted on AWS
Key Technical Skills:
- Knowledge of OWASP Top 10 vulnerabilities and mitigation techniques;
  experience identifying and exploiting common vulnerabilities in web
  applications and networks
- Proficiency in web application security frameworks and tools, including
  Burp Suite, Nmap, Metasploit, and experience with network and application
  security testing
- Familiarity with secure development practices, such as secure coding,
  threat modeling, and security risk assessment
- Experience in programming languages such as Python, Java, or JavaScript,
  using secure coding practices, and familiarity with Agile and DevOps
  methodologies
- Knowledge of containerization technologies (e.g., Docker) and
  orchestration platforms (e.g., Kubernetes)
- Experience with security testing tools, including SonarCloud, JFrog, or
  Burp, and integration into CI/CD pipelines
- Experience using GitHub for secure code development and knowledge of
  GitHub Actions for automated security testing and deployment pipelines
- Experience with AWS security services and tools: Proficiency in AWS
  security services such as AWS Security Hub, AWS Config, AWS Inspector, and
  AWS GuardDuty, among others
- Understanding of Infrastructure as Code (IaC) security: Knowledge of
  best practices for securing Infrastructure as Code (IaC) scripts, such
  as AWS CloudFormation templates or Terraform scripts. Experience in using
  tools like Checkov or Bridgecrew for IaC security scanning and
  remediation
At Chainalysis, we help government agencies, cryptocurrency businesses, and
financial institutions track and investigate illicit activity on the
blockchain, allowing them to engage confidently with cryptocurrency. We take
care of our people with great benefits, professional development
opportunities, and fun.
You belong here.
At Chainalysis, we believe that diversity of experience and thought makes us
stronger. With both customers and employees around the world, we are committed
to ensuring our team reflects the unique communities around us. Some of the
ways we're ensuring we keep learning are an internal Diversity Committee, Days
of Reflection throughout the year including International Women's Day, Harvey
Milk Day, World Humanitarian Day, and UN International Migrants Day, and a
commitment to continue revisiting and reevaluating our diversity culture.
We encourage applicants across any race, ethnicity, gender/gender expression,
age, spirituality, ability, experience and more. Additionally, if you need any
accommodations to make our interview process more accessible to you due to a
disability, don't hesitate to let us know. You can learn more here. We can't
wait to meet you.
Applying from the EU? Please review our Chainalysis Applicant Privacy Policy.