Senior security researcher

Posted: Feb. 14, 2022, 2:35 a.m. - Full Time - Cyberjaya or remote

Your role

As a Senior Security Researcher at Deriv, you’ll evaluate our security measures and the existing protections on our web and mobile applications through penetration testing. Your key responsibilities will be to analyse and validate external security reports and work closely with the developers in resolving security bugs. As a custodian of IT security, you’ll promote compliance with security best practices and awareness of the latest online threats. Your analytical mindset and understanding of security protocols will protect Deriv from new and emerging threats.

Your challenges**

  • Participate in security projects — scope the requirements, execute test plans, create result reports, and resolve the bugs.
  • Manage the organisation’s bug bounty program.
  • Perform vulnerability research and security testing of web, mobile, and network platforms to identify attack sources and protect the organisation against foreseeable attacks and mitigations.
  • Develop security assessment tools and processes to address identified vulnerabilities.
  • Handle tasks such as conducting reviews of the security infrastructure, monitoring automated security scripts, and identifying threats based on the results.

What you have

  • 4+ years of technical experience in web, mobile, and network security testing, source code reviews, security monitoring, and intrusion detection
  • University degree in IT or a relevant field, or equivalent work experience
  • OSCP, OSWE, CEH, Security+, eJPT, eWPT, CISSP, or any GIAC certification
  • Comprehensive experience in bug bounty programmes such as HackerOne, Bugcrowd, Synack, and Cobalt
  • Complete familiarity with writing custom code and scripts to investigate security threats
  • Understanding of attacks and mitigations such as timing, injection (e.g. form parameter/SQL), side-channel, DoS, buffer overflows, and DNS cache poisoning
  • Ability to assess the security impact of bugs and API inconsistencies
  • Deep understanding of encryption fundamentals and the OWASP Top 10
  • Solid knowledge and experience in OSI model, TCP/IP, and other industry-standard network defense concepts
  • Strategic and critical thinking, teamwork, good problem-solving, judgment, and decision-making skills
  • Good interpersonal skills
  • Excellent spoken and written English communication skills

What’s good to have

  • Experience with Linux and Windows operating systems, modern programming languages, and cloud environments like AWS
  • Experience in scripting/coding (Python, PHP, C#, Java, Ruby), building tools, and refactoring code
  • OSCP, OSWE, CEH, Security+, eJPT, eWPT, CISSP, or any GIAC certification

What we'll give you

  • Market-based salary
  • Annual performance bonus
  • Health benefits
  • Casual dress code
  • Travel and internet allowances

About us

We’re Deriv. We’re all about trading. We’re the geeky upstarts who pioneered an industry. That was more than 20 years ago, and we’re still going strong. Today, we work across continents and serve over two million traders from around the globe.

Join us. Grow with us.

Our team

We are the Information Security team. We’re the first line of defence against hackers and security flaws that may impact our trading operations and global client base. We manage threats and potential security risks through smart strategies, airtight policies, meticulous communication, and technical execution.