Lead Security Engineer
Hex Trust is Asia’s leading provider of digital asset custody solutions for Banks & Financial Institutions, using leading-edge Blockchain technology. Led by innovators from the financial services industry, Hex Trust has built a proprietary platform that delivers a new way for financial institutions, asset managers, and corporations to safely and efficiently operate in the Blockchain ecosystem. Institutional adoption of digital assets and DeFi requires a fundamental shift in the way banks and financial institutions operate. Hex Trust is the link that connects the traditional financial world to the digital assets ecosystem.
We have a newly created position of Lead Security Engineer to help us grow our Information Security Team. You will be embedded into Hex Trust’s Developer environment, leading the DevSecOps efforts on our platforms. This role is technically hands-on and you, the applicant will need to bring your A game in deploying industry leading SecOps practices, frameworks, tool arsenal, and also be able to help design and architect solutions. The role, while highly technical, is a management position, you need to have experience in leading and managing successful teams. As you can see from our introduction, we are growing fast and attitude, passion and mission focus are just as important to us as your technical ability.
We expect that you are coming from a regulated or licenced environment, so you know how to build systems to conform to frameworks and guidelines such as OWASP, ISO, CIS and MITRE. You thrive in a CI/CD environment working with NodeJS, Typescript, Rust, Python languages and you have exposure or at least an understanding of the DeFi/Blockchain’s world.
Duties & Responsibilities
- Lead application security reviews and threat modeling, including Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Runtime Application Self-Protection (RASP)
- Working with enterprise wide security architecture for on-prem and cloud-based application security solutions such as SonarQube, Acunetix, Snyk and proficiency Undertake Vulnerability Management (Code, Application, Platform and System) activities to help protect the enterprise.
- Experience in working with Container environments on Docker, Terraform, Nomad, Consul and Ansible. The applicant should possess one or more common languages NodeJS, Typescript, Rust, Python.
- Ability to articulate complex topics (written and verbal) to both a technical and non technical audience.
- A strong team leader and people manager capable of demonstrating solid work ethic and commitment to achieving team and organisation goals.
- University degree (Information Security)
- SANS Institute, ISC2 or ISACA certifications such as : CISSP, GPYC, GEVA, GWAPT CISM,CASE, CASS, CSSLP, GWEB, GCPN
- Have significant integration experience as a software architect
- Be excellent in interpersonal and collaboration skills
- Be able to present proposals to technical and business audiences
- Be able to operate at an intermediate level of written and spoken communication
- Be excellent in communication skills and empathy towards customers
- Have good understanding of applied cryptography
Make a difference and get yourself noticed in a rapidly growing company, providing multiple opportunities for career and personal development. We are a dynamic, multi-cultural team of smart, motivated people based in brand new offices in the heart of Hong Kong’s Central business district. We’ll give you tough challenges, while offering rewarding results to match, as well as regular team and social events and flexible working arrangements when needed.
- Diverse and inclusive team: A diverse and international team who come from over 15 countries with diversity of both thought and background on a mission to disrupt the digital asset industry. We support each other and take pride in our achievements. We attract talent from well known global multinational companies and institutions.
- Ownership & learning-curve: Opportunity to make an active contribution to the growth story of one of the leading disruptors in the FinTech industry.
- Communication: We treat our staff like owners by being open, transparent, and providing regular communication about our direction and progress. We provide regular insight into decision making, strategy, and corporate-wide objectives and key results progress so that each of our employees is aligned and empowered. And we constantly strive to improve how we can communicate more effectively.
- Office: We offer both the flexibility to work remotely or to work in style and comfort from our modern office in Central, Hong Kong, the heart of the Asian financial services centre.
Hex Trust is an equal opportunity employer devoted to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.
Something looks off?