Security & Infrastructure Engineer

Bangkok, Seoul or Remote
Engineering
Full-time
We are bitfish, a staking project that’s changing how people interact with crypto. We’re creating a platform that will let anyone stake their crypto, contribute to network security, and earn a reward for doing so. Our core team includes Chun Wang, co-founder of F2Pool, a mining pool that has mined the most Bitcoin blocks in the world and is the second largest Ethereum pool, and David Knott, research scientist for OmiseGO, an Ethereum-based blockchain project implementing a currency agnostic decentralized exchange.

We are looking for a full-time Security and Infrastructure Engineer to assist in designing and implementing bitfish’s security strategy. This position can start remotely with the goal of transitioning to one of our head offices over time.

Responsibilities

    • Create standardized processes for securing validators and other bitfish systems
    • Implement security protocols that’ll protect validator nodes from both internal tampering and external attacks
    • Stay up to date and build on peer-to-peer networking security best practices, and research new attack vectors
    • Build infrastructure to monitor, detect and stop attacks in their tracks
    • Conduct internal + external penetration testing of bitfish systems, and provide remediation supports
    • Create, maintain and communicate threat models + risk assessments for all bitfish systems
    • Proactively make suggestions for improving bitfish products and internal processes
    • Evangelize security practices across the entire company

Requirements

    • The highest level of integrity, ethics and compassion is required for this and any position at bitfish
    • Basic understanding of blockchain fundamentals, Proof-of-Stake, and staking pools
    • Working knowledge of risk assessment tools, technologies, and methods
    • Experience designing secure networks, systems and application architectures
    • Experience planning, researching and developing security policies, standards and procedures
    • Experience setting up and maintaining software in both data centers and cloud environments
    • Experience managing server infrastructures with high availability requirements
    • Expert knowledge with Disaster Recovery Planning and executions
    • Experience with penetration testing using tools such as Nessus, nmap
    • Experience protecting against and mitigating real world attacks such as DDoS
    • Deep understanding of sockets, full networking stack and Linux security
    • Ability to communicate security issues to peers and management
    • Experience securing distributed networks
    • Nice-to-have: experiences with web application attack vectors and defense strategies such as OWASP
    • Nice-to-have: knowledge of browser security model
Please share with us the biggest security vulnerability you uncovered or exploited in your cover letter. We want the best and brightest and are happy to accommodate. We will cover your travel, initial accommodations, handle your visa, and help you get acquainted with the new environment.