DevSecOps / NodeOps Engineer

About Halborn

Already in 2021, the global cryptocurrency and DeFi industry has lost over $500M from hacks. The organization’s Halborn advises have suffered 0 financially impacting incidents. Founded in 2019, Halborn was born to solve the slew of adversarial problems unique to the cryptocurrency industry including but not limited to breaches, social engineering, stolen private keys, and economic hacks. Halborn’s clientele are the very best of the best blockchain companies as well as new startups with high growth potential.

Company Culture

Culture is a top priority in our 100% remote organization. Halborn is a globally distributed team of 25+, looking to grow our elite team of white hat hackers, security engineers and DevSecOps specialists who value independence, learning, big challenges and the ability to make big impacts in cutting edge technologies. The right candidate will be offered a full-time salary and equity. Perks include unlimited vacation days, company laptop, and opportunities for travel. Health Insurance is dependent on the applicant’s country of residence but readily available.

About the Role

We are seeking a DevSecOps/ NodeOps Engineer superstar with a passion to build their knowledge in the blockchain ecosystem. They’ll be working with our Engineering team and current DevOps Lead.

Responsibilities:

• Act as a liaison between Halborn account leads and Client development and executive teams.
• Perform analysis of application architectures and security patterns.
• Develop threat models in conjunction with architects and software engineering staff.
• Implement security tooling and support common integrated development environments.
• Participate and/or lead application vulnerability reviews and remediations.
• Document and communicate application risks and vulnerabilities to technical stakeholders.
• Develop and deliver Secure Developer Training and assists Dev teams with the various platforms we support, the candidate will also support tool operations for our platforms.
• Supports CI/CD and build pipelines with an understanding of quality and security gates and enables integration of automated solutions to increase security.
• Performs architectural reviews that are meant to identify and remedy architectural security flaws both as part of EARC sessions and in consulting engagements with dev teams
• Identifies application security weaknesses and provides recommendations to correct them.
• Provide risk assessments and data driven recommendations to management to increase or improve our security footprint.
• Work with broader ISO team on incident response and operational/strategic initiatives.
• Responsible for the use and operational maintenance of security-related systems and tools, actively works on tuning, enhancements, upgrades, and tool integrations.
• Evaluates and promotes new and existing security standards, tools, and solutions with a focus on automation and securing build pipelines for a shift left approach.

Requirements:

• Bachelor’s Degree in a related field plus additional related college courses or professional training and four to seven years of progressively responsible, directly related, experience required.
• One or more security certifications or a CISSP certification would be ideal
• Knowledge of secure development principles and of DevSecOps
• Must have a thorough understanding of web protocols TCP/IP, UDP, HTTP, HTTPS, SSL, TLS, etc.
• Experience with at least one programming languages (Go, Python, PHP, etc.).
• Experience with Git
• Experience with monitoring tools
• Knowledge of common vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
• Experience with micro service architecture
• Production experience with k8s and service mesh, logging, monitoring, etc
• Experience with Terraform/Ansible to manage Infrastructure/Configuration as code
• Experience with AWS and familiar with AWS services, components and common architecture patterns. Nice to have experience with Auzre, GCP, etc.
• Experience with CI/CD model and know how to secure the CI/CD
• Traffic and log analysis from a security perspective
• Familiar with OWASP/ SANS application vulnerabilities
• Experience with Secure Code Reviews

Nice to have / Not Mandatory

• Experience working within the blockchain / cryptocurrency ecosystem
• Experience setting up node / validator infrastructure
• Experience professionally or casually learning about, working in, contributing to cryptocurrency / blockchain / bitcoin / ethereum related projects.
• Experience in Node / Validator / Mining infrastructure
• Experience in any sector of cybersecurity / information security / infosec
• An MBA
• CISSP, CompTIA A+, Network+, Security+, or any relevant cybersecurity related certifications

All candidates who make it past 2nd round will be required to:

• Pass background and criminal record check
• Provide x3 relevant references