Remote Web Offensive and Defensive Security Engineer

at Binance

Description:

  • Binance is a leading global blockchain ecosystem behind the world’s largest cryptocurrency exchange by trading volume and registered users.
  • The company is trusted by over 250 million people in 100+ countries for its industry-leading security, user fund transparency, trading engine speed, deep liquidity, and an unmatched portfolio of digital-asset products.
  • Responsibilities include conducting comprehensive security assessments, penetration testing, and vulnerability scanning of web applications to identify potential security vulnerabilities and risk points.
  • The role involves providing professional security consulting and guidance during the product development lifecycle to assist the development team in designing and implementing secure web application architecture.
  • Security audits of existing code will be performed to discover and fix potential security defects.
  • Participation in the construction and optimization of the company's security defense system is required, including WAF policy configuration and deployment of intrusion detection/prevention systems.
  • The engineer will also participate in the response, analysis, and processing of security incidents, formulating and implementing emergency plans to reduce the impact on the business.
  • Organizing and participating in internal security awareness training to enhance team members' security awareness and skills is part of the job.
  • The role requires keeping an eye on the latest technologies and attack trends in web security and researching advanced security protection measures.

Requirements:

  • A solid computer foundation is required, including familiarity with network protocols (TCP/IP, HTTP/HTTPS), operating systems, and databases.
  • Proficiency in web security attack and defense is necessary, with an in-depth understanding of common web security vulnerabilities (such as OWASP Top 10) and their defense techniques.
  • Candidates must be familiar with and able to skillfully use various web security testing tools, such as Burp Suite, Nmap, and Metasploit.
  • Proficiency in at least one programming language (such as Python, Java, Go, PHP) is required to develop security tools or write security automation scripts.
  • The ability to perform security audits on code written in common programming languages is essential.
  • Experience in enterprise-level application security is required, including understanding the security risks of office collaboration systems and instant messaging tools.
  • Familiarity with intranet security architecture and common risks, along with experience in intranet penetration testing, is necessary.
  • Knowledge of data leakage prevention (DLP) technology and solutions is required to identify and prevent sensitive data leakage risks.
  • Excellent problem analysis and problem-solving skills are essential for quickly locating and solving complex security problems.
  • A strong willingness to learn, sense of responsibility, and ability to withstand work pressure are important.
  • Good communication skills and a spirit of teamwork are required.

Benefits:

  • Employees will have the opportunity to shape the future with the world’s leading blockchain ecosystem.
  • The role offers collaboration with world-class talent in a user-centric global organization with a flat structure.
  • Employees will tackle unique, fast-paced projects with autonomy in an innovative environment.
  • There are opportunities for career growth and continuous learning in a results-driven workplace.
  • A competitive salary and company benefits are provided.
  • A work-from-home arrangement is available, which may vary depending on the work nature of the business team.