BitGo is the leader in custody and security solutions with over $60B in assets under custody. Founded in 2013, BitGo is the first digital asset company to focus exclusively on serving institutional clients. In 2018, it launched BitGo Trust Company, the first qualified custodian purpose-built for storing digital assets and established BitGo New York Trust in 2021. BitGo also offers market leading trading, lending, and borrowing services and supports over 400 digital assets on its platform. BitGo provides the security and operational backbone for more than 500 institutional clients in 50 countries, including many of the world’s top cryptocurrency exchanges and platforms.
BitGo is looking for an Offensive Security Engineer to help build out and maintain our Threat and Vulnerability Management program. You will be part of a talented team of engineers that demonstrate superb technical competency, delivering mission critical infrastructure and ensuring the highest levels of availability, performance and security. Qualified engineers will have a background in penetration testing and/or ethical hacking.
- Perform penetration tests, code reviews, and document threat models.
- Plan and lead red team (hacking) exercise operations against the corporation for the purpose of training incident response teams.
- Develop tools and maintain the red team's operational infrastructure.
- Track and research the latest attacks and how they might apply to BitGo’s environments.
- Develop the red team roadmap and drive the direction for the red team program as a whole.
Required Skills & Experience:
BitGo is looking for people who are passionate about their craft, take full ownership for their work and projects, and believe in a transparent and collaborative culture with the goal of making BitGo successful.
- Experience with cloud security practices: Amazon Web Services, and Google Cloud.
- Experience with securing Kubernetes, Microservices, and APIs.
- Very Strong Experience with OWASP Top 10, and NIST Top 20 vulnerabilities.
- Proficiency with at least three (3) or more of the following: Mobile security, Application security, Vulnerability management, Infrastructure security, and Malware.
- Working knowledge in object oriented Software Development.
- Experience in drafting reports, documenting case details, and able to summarize findings and recommendations based on system analysis.
- Demonstrate strong written and verbal communication skills.
- Experience with using security monitoring and alerting systems.
- Solid scripting skills. (e.g., shell scripts, Perl, Ruby, Python)
- Solid knowledge of threat modeling, architecture, and design review.
- Minimum of 5 years working within Application Security.
- You are a huge fan of blockchain technology and cryptocurrencies.
- Security Certification: CEH, GIAC or equivalent pen testing cert.
- BS (or equivalent) in Computer Science, Computer Engineering or related field.
Why Join BitGo?
Disrupting an industry takes vision, innovation, passion, technical chops, drive to deliver, collaboration, and execution. Join a team of great people who strive for excellence and personify our corporate values of ownership, craftsmanship, and open communication. We are looking for new colleagues who bring innovative ways of thinking and problem solving, and who want risks to be part of the team that changes the world’s financial markets.
Here are some of the benefits of working at BitGo:
- Competitive base salary, bonus and stock options
- 100% company paid health insurance for employee, partner and dependents
- Up to 5% 401k company match
- Paid parental leave, Paid vacation
- Free commuter/parking pass; 5 min from Caltrain
- Free custom lunches, dinners and snacks
- Computer equipment and workplace furniture to suit your needs
- Great colleagues and inspiring startup environment
- Benefits may vary based on location.
Cryptocurrencies are the most disruptive change the financial services industry has seen in years. Join us and you’ll be able to look back and say you were part of the team that transformed investing.