Overview

As a member of the BitMEX Offensive Security team, you will play a critical role in proactive protection of BitMEX’s people, data, infrastructure and customers.

You will report to our Director of Offensive Security and will work closely alongside the Detection & Response, AppSec and Infrastructure Security teams. In this role, you will contribute towards and execute upon a comprehensive plan to proactively identify and mitigate technical risk across all BitMEX systems. You will achieve this through a combination of penetration testing, adversary simulation, red/purple team, ongoing vulnerability assessment activities and tools development.

This is a full scope role encompassing the testing of our cloud infrastructure, web applications, endpoint systems, and physical infrastructure. In addition you will develop, test and implement adversarial tooling to ensure we are constantly testing our preventative and detective security controls.

Responsibilities

  • Design / Build / Execute upon a world class, sophisticated offensive security program
  • Simulate real-world adversaries; ensure BitMEX is ready to defend against advanced threats from hacktivists through well funded nation state sponsored actors.
  • Proactively identify threats, design tools and mitigations to protect BitMEX infrastructure, data, customers and executives.
  • Coach security response teams in adversarial techniques and assist with the development of detective controls and testing of assumptions.
  • Liaise with internal teams, senior leadership and educate staff on
  • security risks.
  • Drive forward remediation in collaboration with other internal teams to ensure risks are mitigated adequately.

Requirements

  • 3+ years of experience in a Red Team / Full scope Offensive Security role
  • Strong software development skills in Python, Golang, Ruby, C, C++, or similar.
  • Deep knowledge of Amazon Web Services, GCP, and general Cloud infrastructure security.
  • Deep understanding of DevOps/CICD environments, attack vectors and mitigating controls.
  • Comfortable operating across a wide variety of platforms and technologies.
  • Demonstrated ability to create novel solutions to challenging problems; a natural ability to think outside the box.
  • A strong desire to keep our data safe, identify and mitigate threats before they are exposed by a malicious adversary.
  • Ability to travel to our Hong Kong offices on a quarterly basis.