Security Engineer
Putting our end users in charge of their data is key to our mission. This means not only enabling them to access their data in a secure fashion themselves but also empower them with a secure and fine grained mechanisms to share whatever parts of this data they want with whom they want, for how long they want. Security and cryptography are thus at the heart of what we do, and we’re looking for an experienced security/crypto practitioner to bolster our existing expertise in the area. This is an unique opportunity to raise the level of play in our industry with a real impact to millions of end users.
You will have both a deep practical and theoretical understanding of existing key security infrastructure (including SSL, OAuth etc.) a keen awareness of historical and likely future attack vectors and real practical and theoretical insight int shortcomings of widely deployed solutions. Most of all you will need an appetite to change things for the better.
You will have a mix of theoretical and practical skills. Being stronger in one area is fine, but we are neither looking for someone who has lots of practical experience with finding vulnerabilities in deployed systems but never heard of concepts like random oracles nor someone who could derive a theoretically sound new public key exchange scheme but would lack the architectural and engineering expertise to actual produce a working system.
Main requirements
Duties
- Design and supervise the implementation of key parts of our security architecture
- Hardening our system against hacking attempts
- Develop threat scenarios, risk assessments and mitigation plans
- Communicate our security architecture and requirements to clients and partners and aid them in securely interfacing with us
- Lead compliance efforts, where necessary
About you
- You will have a good understanding of how individual crypto primitives work and how they can be combined into a system that provides strong security properties that can be formally reasoned about. You don’t just know to encrypt first and then MAC, but also why.
- Deep knowledge of SSL, OAuth and other key crypto standards and the practical challenges of achieving good security in the face of systemic weaknesses in widely deployed crypto.
Nice to have
Very Nice to haves:
- a peer-reviewed crypto or security journal paper, or a talk at a respected security conference
- being credited for disclosing a security vulnerability in a well known service, application or library
- contributions to important security tools or crypto libraries
- demonstrable crypto or security job expertise at an industry leader like Google or Cloudflare
Nice to haves:
* experience with security and compliance in a financial environment
Perks
- Competitive salaries *Bonus *Share Options *Healthcare *Pension *Team Breakfasts *Free Tea Coffee *Football Table *Table Tennis *Pool Table
Leave a Reply
You must be logged in to post a comment.