Job Title

Aquanow, a leading infrastructure and liquidity provider that provides institutional and enterprise application platforms for digital assets globally. This is a unique opportunity to work alongside a highly-experienced team and contribute to the development of a high-growth trading and technology company.If you want to have your name in the success story of a globalizing company, we look forward to receiving your application to the winning Aquanow team!About the Role:We are seeking a seasoned Platform Security Engineer to lead all aspects of platform security. This is a senior role that blends both technical vision, leadership and a requirement for being hands-on in embedding security and resilience. The role requires excellent communication skills, the ability to drive and deliver a razor sharp path for improving Aquanows security posture across platforms and services.What Youll Do:Security Engineering and ArchitectureDevelopment and review of security architecture for all platforms, services, APIs and CI/CD pipelines.Lead and execute threat modelling efforts across the Engineering team.Lead and perform security architecture reviews and ensure technical decisions are aligned with risks and engineering velocity.Partner with Engineering and promote security practices such as hardening standards for applicable components, logging practices etc.Work with the broader Security team, Engineering and GRC to tune, scale security tooling, automation and secure processes.Design, review, and ensure security controls, including authentication/authorization, secret management, account takeover protection, and application layer threat detection.Work closely with developers to code securely from the outset and address issues early during coding and testing phases. Ability to conduct in-depth security reviews of application code.Enhance security tool accuracy and oversee vendor/open-source proof-of-concepts (PoVs).Evangelize security culture through security champion program and technical developer-focused security training.StrategicDefine and help execute a comprehensive platform security strategy that aligns with business, technology and product objectives.Establish KPIs, OKRs and reporting mechanisms.Guide Engineering teams in designing and integrating security aspects into Aquanows products, services, and software development lifecycle.Help to continue to develop team and security service capabilities across the Security domains in close collaboration with the broader Security and GRC teams.Youll Need to Have:10+ years of experience working with AWS cloud architecture and application security with a strong software engineering foundation.Expert understanding of mobile, web, cloud, container, and cryptographic technologies and security practices.Offensive security minded with in-depth knowledge of current and emerging cyber threats, testing procedures, and their mitigations.The ability to quickly and deeply learn new technology stacks and modern CI/CD pipelines, including Docker, Kubernetes, AWS, Node.js and gRPC.Experience with Javascript, Typescript, and Node.jsExperience with Java and related toolchainsExperience with manual source code review, and embedding security to code in production environments.Experience with deploying application security tools in the CI/CD pipelineRelevant certifications (e.g. OSCP, OSWE, GWAPT, CISSP) are a plus.Strong knowledge of security principles, best practices, and common vulnerabilities (e.g., OWASP Top 10)Experience with SAST, SCA, and DAST, with the ability to address real-world challenges in these areas.Familiarity with CI/CD tools such as GitHub Actions, Jenkins or CircleCI.Ability to work independently and problem solve.Strong independent critical thinking with the capability to form, check and challenge opinions through knowledge sharing.Skillful in assessing and managing security risks with a pragmatic solution-first approach.The Interview Process:Stage 1: A 45-minute intro with the IT Security LeadStage 2: A 60-minutes deep dive with the VP of EngineeringStage 3: A 45-minute video call with the CISOStage 4: Potential for a short follow up video call