Application Security Engineer II

Know the Company

CoinSwitch breaks down the complexities in Crypto, empowering the everyday Indian to make informed investment decisions on a simple and trusted platform. When we started up, Crypto was a field reserved for specialists. Today, over 20 million users trust CoinSwitch to learn, purchase and invest in Crypto. That makes us India's largest crypto app.

On CoinSwitch, users can invest in Crypto with a few simple taps, either as a one-time purchase or in regular intervals through an SIP. But simplicity is not a substitute for informed decisions. A CoinSwitch user spends 27 minutes on our appto learn about Crypto and Web3 through our educational content and understand the market sentiments through CRE8, the Crypto Rupee Index.

But we are just getting started. CoinSwitch not only plans to double down on making Crypto accessible to everyone but is on track to become the one-stop wealth-tech destination for every Indian.

For more information about CoinSwitch, find additional resources here: https://linktr.ee/coinswitchcareers

What You Will Do

• Experience in application security testing (SAST, DAST, penetration testing, threat modeling).
• Find bugs in web/mobile/backend applications/systems, REST APIs, & be able to spin up quick scripts to find the less cool ones.
• Screen flows, app architecture, secure SDLC, CI/CD pipelines, IAC, lambdas, list comprehensions, IAM, cloud storage etc.
• Understanding of security compliance standards (OWASP Top 10, NIST, ISO 27001)
• Experience conducting security training and developer awareness programs
• Familiarity with incident response, forensic investigations, and root cause analysis
• You are comfortable working with others who may challenge your views
• Enjoy problem solving, and find hacking interesting and fun

What You Should Have

• 4 to 7 years of experience in application security
• Familiarity with multiple classes of vulnerabilities including OWASP top ten.
• Knowledge of SAML / OAuth / Open ID Connect.
• Ability to automate security testing and improve productivity in security assessments.
• Solid understanding and knowledge of web frameworks and architecture.
• Ability to communicate and interpret security vulnerabilities to various audiences such as development and management teams.
• Experience in conducting security assessments in cloud platforms (SaaS, PaaS, IaaS).
• Experience in integrating and automating security in DevOps through implementing / buildin orchestration tools.

Life at CoinSwitch

We take great pride in what we do and are committed to our mission. And we have a lot of fun while at it!

Here's how we do things at CoinSwitch:

• Customer-first: That's the North Star. Everything we do is to make our users investment experience better and simplified.
• Ownership: We don't sport lab coats, but we experimenta lot. And we take ownership. We even have a catchphrase for this: Think big, fail fast, and build better.
• Data-driven: The source of truth. Simple as that.
• Fun: PS5, anyone Or do you prefer Foosball Or perhaps Carrom And yes, our HR team has a whole list of activities: Disco nights, offsites, gift boxes, and more!

Speaking of lists, the perks and benefits are so extensive, this space isn't enough. Here are a few:

• Parenthood: Up to 8 months of Maternity leave and 1 month of Paternity leave
• Gender Reassignment Surgery: Be the best version of you! We'll support you and reimburse your medical bill.

Disclaimer: We are an equal opportunity employer committed to building a respectful and empowering work environment for all people to freely express themselves amongst colleagues who embrace diversity in all respects. Including fresh voices and unique points of view in all aspects of our business not only creates an environment where we can all grow and thrive but also increases our potential to produce work that better representsand resonates withthe world around us.