Application Security Engineer

WOO Network

WOO Network

Southern Asia · East Asia · Oceania
Posted on Thursday, February 29, 2024

WOO operates a centralised exchange WOO X and a decentralised platform WOOFi, democratising access to top-tier liquidity and exceptional trading execution while keeping costs competitive. Our native token, $WOO offers token holders a unique position to participate, engage, and maximise the benefits of both the DeFi and CeFi ecosystem. Our team of highly-selected 180 employees is located in 12 cities worldwide 🚀

Our vision is to inspire confidence, higher performance, and joy in every user. We have a mission to provide the best liquidity on the best terms. We compete not just on price execution but also on integrity, user experience, innovative tools, and global opportunities.

About the opportunity:

We are looking for an Application Security Engineer who can join us along this mission and vision. You’ll become an integral part of the Security team, which is targeted to protect our properties and assets. Monitoring daily basis needs, improving the level of controls and also making sure our process meets compliance. Interested? Keep on reading!

What you’ll be working on?

As an Application Security Engineer, you will be setting security controls and design requirements during the software creation and development stage of the software lifecycle. Lead and involve constant and dynamic app security testing, ensures that security across all aspects of the software is uniform by setting up checkpoints.

  • Solid knowledge of web applications security, strong source code auditing skills, and understanding of the causes and solutions of the different types of security vulnerabilities.
  • Experience with at least one mainstream SAST and DAST tool, work with develop teams during all phases of the SDLC to ensure that applications are designed and implemented securely.
  • Understanding the basic techniques of penetration testing and security testing.
  • Sufficient understanding of cryptography and mainstream encryption and decryption algorithms.
  • Investigate vulnerability reports related to Woo products and services.
  • Support other security team projects such as threat modeling, vulnerability scanning and audits.

Who will you be working with?

WOO’s security team consists of Organization Security, Security Operation Centre (SOC), Application security and IT security. We cultivate talent based on a number of important qualities such as innovation, integrity, teamwork, openness, and courage. As an employee, there is no greater perk than having a top supporting cast to help you achieve your personal and professional goals.

What challenges will you face?

WOO competes within a dynamic and complex industry, with trends that are constantly evolving. Maintaining our edge requires a high level of engagement and passion. Producing impactful content requires critical thinking and organization, and team members must be able to operate autonomously in a results-driven environment. Communication skills will be put to the test as you will face many micro-interactions with industry partners, thought-leaders, and community members along the way. As a member of security team, the balancing of controls between developing and security policies is a major task you will need to solve base on the experience and communication with internal teams before you made decision, our goal is to provide top level secure service for customers.

What tools will you be using?

Application security related tools will include but not limited in static/dynamic code review system, penetration testing, bug bounty, vulnerability assessment, coding standard and the most important tools is your own experience. Tools has limitations but you don't.

What bring to WOO?

  • 5+ years of total experience in a security role.
  • Experience automating security tests in cloud based CI/CD pipelines,such as GitLab-CI or jenkins.(must be have)
  • Experience working with SAST, DAST, SCA testing processes and tools, such as Fortify, Chechmarx, Snyk, Acunetix or AppScan.(must be have)
  • Self-motivated and creative problem solver able to work independently with minimal guidance. (must be have)
  • Strong ability to work collaboratively across teams. (must be have)
  • Experience designing software security features including, but not limited to, access control features, logging and monitoring features, input validation and session management.(must be have)
  • Understanding working on applications deployed within GCP and K8S highly desired.
  • Experience with common attack techniques and conducting penetration tests.
  • Working knowledge of public and private key cryptography.
  • Bachelor's degree in computer science, computer engineering, cyber security or related field. Equivalent experience is also accepted.
  • Certifications such as OSCP or experience to get CVE number will receive favorable consideration but are not required.

Why work with us:

Join us in realising our vision in advancing decentralisation, and leading innovation in CeFi and DeFi. Enjoy work flexibility, a supportive team, and an environment that nurtures your ideas. Plus, expect a performance-based annual bonus for all contributors at WOO 💪

Getting the job

We're actively seeking talented individuals to join our team outside of our typical hiring schedule. This proactive approach allows us to connect with exceptional candidates like you even before specific positions become available.

On average, successful candidates go through five rounds of interviews and tests. Our hiring process begins by meeting with our People Team, who help facilitate the process of placing you in your new role. You can expect to share your experience and ideas in online video interviews with our hiring team, made up of management and potential new colleagues.

Submitting your resume now ensures that you're first in line when new opportunities arise. By doing so, you'll have a head start in the selection process and get a chance to showcase your skills and experience.

Get started on your application here!