Senior DevSecOps Engineer

BitMEX is the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.

As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD a day.

About BitMEX

BitMEX was one of the first crypto exchanges for derivatives. It exists to provide institutional and professional traders with a platform that caters to their needs.

BitMEX created the Perpetual Swap, the most popular crypto trading product in history. It is the only major global exchange that continues to create new cryptocurrency derivative products, most recently, the ETH Staking Swap. 

On BitMEX, users can trade cryptocurrency derivatives on a professional trading platform that provides low latency, deep liquidity and constant availability.  Since 2014, no cryptocurrency has been lost through intrusion or hacking, allowing BitMEX users to trade safely in the knowledge that their funds are secure. Spot trading is also supported, as well as the purchase and conversion of cryptocurrency - BitMEX supports 45+ derivatives contracts, 11 pairs for spot trading and the ability for users to convert 30+ cryptocurrencies. 

We are looking for individuals who are determined, responsible and collaborative to join BitMEX as we continue to build a thriving cryptocurrency ecosystem. We value attention to detail, speed and simplicity. As a global business operating a 24/7 exchange, we seek out those who are adaptable and can work across markets and timezones. 

For more information on BitMEX, company initiatives and our products, please visit the BitMEX Blog or www.bitmex.com, and follow LinkedIn, Discord, Telegram andTwitter.

Overview

The goal of a DevSecOps Engineer is to proactively identify and help mitigate technical risk in all software & infrastructure pipelines within BitMEX. They will achieve this through a strong partnership with DevOps, with a combination of security gate implementation & management, security control administration and overall reporting. While working closely with DevOps, they will be working alongside, and supported by Detection & Response, AppSec and Vulnerability Management security functions.

Key Responsibilities

• Design and implement secure automation solutions for development, testing, and production environments
• Collaborate with Product Management and Architects to contribute to the roadmaps of CI/CD Pipeline
• Implement security controls, best practices and configuration management 
• Hands-on contributor and code reviewer on DevSecOps related projects
• Employ infrastructure as code paradigm to increase automation, scalability, and reliability
• Perform technology watches related to industry trends and best practices.
• Maintains extensive knowledge of state-of-the-art principles, theories, and practices around all things software-related. Identifies and recommends long-term technologies of relevant company interest and proposes long-term development strategy on cutting-edge trends and developments in area of expertise.

Qualifications

• 10+ years of security industry experience
• Experience building tools for Continuous Integration and Continuous Deployment systems. Familiarity with DevSecOps principles for integrating security solutions in products like Jenkins, Helm, ArgoCD.
• Modern infrastructure and application development experience using public cloud primitives. You should be familiar with kubernetes, serverless architecture and infrastructure as Code(IaC) tools like Terraform, Ansible, Chef
• Solid experience in deploying and configuring Git based Source Code Management solutions, such Github, Gitlab
• Proven experience and understanding of security principles across infrastructure platforms, data layers, integration points, and application layers.
• Demonstrated experience architecting and developing security solutions during the secure software development lifecycle program or secure lifecycle improvement efforts and managing large scale projects to completion
• Adapt to evolving security and business priorities quickly and effectively. Loves new technological challenges and excels at solving them.
• End to end troubleshooting experience

Good to have

• Common security certifications such as GSEC, CEH, CISSP, CCSP, or CCSK.
• Good understanding of Public Key Infrastructure (PKI)
• Technical understanding of management implementations for identity like MFA, 2SV, SAML, OAuth, OIDC.
• Experience with Grafana/Loki/Prometheus/Thanos, Graphite, Fluentd
• Experience with data templating languages like Jsonnet or related a plus

#LI-CH1

Join us, as we build a thriving cryptocurrency ecosystem through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.