About the company
Coins is the most established crypto brand in The Philippines and has gained the trust of more than 18 million users. Through the easy-to-use mobile app, users can buy and sell a variety of different cryptocurrencies and access a wide range of financial services. Coins is fully regulated by the Bangko Sentral ng Pilipinas (BSP) and is the first ever crypto-based company in Asia to hold both Virtual Currency and Electronic Money Issuer licenses from a central bank.
Job Summary
Responsibilities
π. Lead the Security Engineering team with a focus on corporate IT, cloud, infra and networking, and applications.
π. Lead and conduct VAPT/SAST/DAST/MAST activities etc, Source code review and threat modelling on various platforms such as infrastructure, web application and mobile applications
π. Author documentation of findings, analysis, remediation recommendations, report preparation and presentation of identified vulnerabilities/weakness
π. Lead the implementation and operation of secure development lifecycle and automation of security tools and scanner to ensure our products and systems are secure
π. Develop attack techniques, tool/ exploit development, intelligence analysis and adversarial tactics
π. Provide guidance to application and devops team on security best practices
π. Support remediation effort and track open issues and follow up to ensure remediation
π. Evaluate and implement new technologies while keeping in view the cybersecurity risks, technology risks and regulatory compliance;
π. Involve in reviewing various security aspects for new initiatives that interface and connect with external parties (like those involved in leveraging open standards and APIs);
π. Develop and implement a Cloud Security Design review process for cloud computing use, including IAAS, PAAS and SAAS implementations; Provide advice on data protection and security controls in Big Data and data analytic implementations;
π. To provide and bring in technical expertise to validate application, cloud and corporate office architecture, design, code, and implementation according to security standards across the company π. IT architecture and Platform suite including Data.
π. To Implement and manage security components within the platform (AWS Cloud implementation) around automation, access controls, compliance, alerting, and monitoring.
π. To recognize areas of security improvements within the platform and support a secure continuous delivery approach.
π. To assess the current Platform infrastructure and work with leaders to develop strategies and a roadmap for improvement.
π. Lead and implement endpoint security controls and security hardening baseline across all endpoints including system logging.
Requirements
π. Bachelor's degree in Cybersecurity, Computer Science, or similar. π. 10+ years working in a security engineering role within a crypto, web3, tech or banking company, with 2 years in a leadership role. π. Ability to to communicate effectively in English and Chinese π. A passion for solving complex challenges in high-growth startups. π. Self-motivation and drive to learn new skills. π. Recognized training or cybersecurity certifications (e.g., OSCP, OWSP, OSEP, OSWA or OSWE). π. In-depth understanding of common attacker tools and techniques, incident response, and prevention. π. Experience with AWS, and other cloud platforms is preferred. π. Experience with Okta, GSuite,PAM and cloud-based ZTNA services is preferred. πStrong communication skills with the ability to explain technical security and software concepts to a non-technical audience. π. Experience with Python, Java, Terrafor, and/or Kubernetes. π. Strong knowledge of common software development tools and infrastructure, including CI/CD tooling and pipelines. π. Published articles, journals, or blogs related to cybersecurity.