Security & Infrastructure Engineer

Bangkok, Seoul or Remote
We are looking for a full-time Security and Infrastructure Engineer to assist in designing and implementing bitfish’s security strategy. This position can start remotely with the goal of transitioning to one of our head offices over time.


    • Create standardized processes for securing validators and other bitfish systems
    • Implement security protocols that’ll protect validator nodes from both internal tampering and external attacks
    • Stay up to date and build on peer-to-peer networking security best practices, and research new attack vectors
    • Build infrastructure to monitor, detect and stop attacks in their tracks
    • Conduct internal + external penetration testing of bitfish systems, and provide remediation supports
    • Create, maintain and communicate threat models + risk assessments for all bitfish systems
    • Proactively make suggestions for improving bitfish products and internal processes
    • Evangelize security practices across the entire company


    • The highest level of integrity, ethics and compassion is required for this and any position at bitfish
    • Basic understanding of blockchain fundamentals, Proof-of-Stake, and staking pools
    • Working knowledge of risk assessment tools, technologies, and methods
    • Experience designing secure networks, systems and application architectures
    • Experience planning, researching and developing security policies, standards and procedures
    • Experience setting up and maintaining software in both data centers and cloud environments
    • Experience managing server infrastructures with high availability requirements
    • Expert knowledge with Disaster Recovery Planning and executions
    • Experience with penetration testing using tools such as Nessus, nmap
    • Experience protecting against and mitigating real world attacks such as DDoS
    • Deep understanding of sockets, full networking stack and Linux security
    • Ability to communicate security issues to peers and management
    • Experience securing distributed networks
    • Nice-to-have: experiences with web application attack vectors and defense strategies such as OWASP
    • Nice-to-have: knowledge of browser security model
Please share with us the biggest security vulnerability you uncovered or exploited in your cover letter. We want the best and brightest and are happy to accommodate. We will cover your travel, initial accommodations, handle your visa, and help you get acquainted with the new environment.