Binary.com Cyberjaya, Selangor, Malaysia
Jan 07, 2019Permanent
Security Researcher Binary.com is seeking a driven and analytical Security Researcher to perform penetration testing on our web applications, identify potential security issues, and assist our developers in patching security bugs. You will also manage our bug bounty programme which includes analysing and validating external security reports. Our company Binary.com is the award-winning leader in online binary options trading. Our customers trade on a number of financial markets including currencies, stocks, indices, and commodities using a patented binary options trading system. Launched in 2000, Binary.com is one of the oldest and most respected names in the industry. Today, we have more than one million registered clients from around the world with a recorded turnover of over USD 4.6 billion since we started operating. Our culture Binary.com is a vibrant and progressive company that blends the entrepreneurial spirit of a startup with the profitability and stability of a long-running business. We make every effort to foster a culture that values collaboration, individuality, and creativity. We care deeply about cultural and gender diversity. And we go to great lengths to foster a supportive, caring environment within a flat organisational structure. We value staff with a sense of fun and adventure, who are optimistic, and customer focused. Above all, you must agree with our strong emphasis on business integrity. Your skills and motivations You are a naturally curious and perceptive individual who can look at problems from multiple angles. You can put yourself in the shoes of a potential hacker in order to identify and predict security flaws in our systems. You always persevere with a task to the end –– even if there’s insufficient information to help you along. You are the type of person who thrives in a dynamic and challenging work environment. You approach even the smallest task with an open mind. Most importantly, you value the importance of constant, open, and honest communication. If you know what we can do to improve, we’re always open to your feedback. We always judge your suggestions based on merit, and not personal bias. We are looking for someone who loves to: Keep up with the latest news and trends in security research Do great work, and inspire people around them to do the same Work with highly talented people in an exciting, multinational environment Get things done in a no-nonsense manner Work without bureaucracy and hierarchy Analyse and optimise processes to handle unexpected situations more efficiently Be extremely hands-on, and also have a say in the company’s big picture strategy Have the latest tools and technologies at their disposal Learn and improve, day in and day out To excel in this role, you must have: Experience with web application security and testing, security monitoring, and intrusion detection Experience with fuzzing and finding edge cases in validation Understanding of encryption fundamentals and the OWASP Top 10 A good understanding of attacks and mitigations such as timing, injection (e.g. form parameter/SQL), side-channel, DoS, buffer overflows and DNS cache poisoning Able to assess the security impact of bugs and API inconsistencies Familiarity with industry standard tools such as Burp Suit and Metasploit Experience in writing custom code and scripts to investigate security threats A clear understanding of the OSI model, TCP/IP, and other industry-standard network defense concepts Knowledge of the latest industry trends and best practices in information security Extensive experience in bug bounty programmes such as HackerOne, Bugcrowd, and Cobalt OSCP, CEH, Security+, CISSP, or any GIAC certification is an advantage Your Role Binary.com’s IT team is responsible for the design, development, and operation of our high-traffic web applications. As our Security Researcher, we expect you to stay informed about the latest security bulletins and findings, and actively monitor our software development pipeline to find and raise potential security issues. As a strong proponent of open source, we encourage publication of findings, methods, and tools via GitHub and our technical blog at https://tech.binary.com/ You will also assist our developers in understanding and patching the bugs that you find. You will also encourage security awareness throughout the organisation via regular communication on security best practices and the latest online threats. You will: Check our systems against the latest attacks, vulnerabilities, and mitigations Identify attack vectors Conduct security reviews of production infrastructure Build security tools and processes for critical infrastructure monitoring, protection, and mitigation Perform regular pentesting of our web applications Monitor our automated security scripts and utilise them to identify threats Manage our bug bounty programme Remuneration and benefits You will enjoy a market-based salary; annual performance bonus; health benefits; a casual dress code; and travel and Internet allowances. If you need to relocate, we will provide work permits and relocation assistance for you and your family. Location Join us at our operational headquarters in Cyberjaya — Malaysia’s global tech hub that’s located only 30 minutes away from the capital city, Kuala Lumpur. This high-tech township seamlessly blends modern infrastructure with acres of green spaces and facilities, to give you the ultimate work-life balance. An adventure is never far away when you’re in Malaysia with its tantalising mix of vibrant cities, tropical rainforests, and paradise islands. It’s also one of the most culturally-diverse countries in the world with a multiracial population that loves to bond over its love for food. With warm weather all year round, a lower cost of living compared to most western countries, and easy access to public and private healthcare facilities, you’ll find Malaysia to be a welcoming home away from home.