Security Engineer III (Application Security)

Bengaluru, Full time

Who We are and our Vision

CoinSwitch is the fastest growing Fintech company in India with a user base of 13M+ in just 16 months, and growing every second. Currently we make buying and selling crypto as simple as online shopping - but at CoinSwitch we are not only building a unique product, we are defining an industry. Every day we work on industry-first problems with the resolve to bring out the best and simplest solutions for our users. The majority of these users are investing for the first time in their lives - not just in crypto but in any asset class. Their trust is what humbles us and drives us to do better. As we go on, we will not only double down on making crypto accessible for everyone, but we’ll also grow with our users and be a one-stop shop for all their investment needs.

So if you are someone who thrives on problem solving, takes ownership, bleeds for your users and is excited about the mission of ‘Making money equal for all’, we are waiting for you!

Some interesting stats about us - 

  1. 4 million+ monthly active users
  2. Monthly GMV of USD 1 Billion+ in trades
  3. 60% of users are from T2 and T3 cities - we are building for complete India
  4. An average of 10+ experiments live at any point
  5. 13.5 min is the average engagement time of a user per day... Curious? Let’s chat

BTW we just added 200 users while you were reading this :)

Our Values 

  • Customer First Approach
  • We take ownership
  • Disagree & commit
  • Everyday is DAY 1
  • Think Big & Fail Fast
  • Data-driven decision making

About the Role

The Application Security Engineer at CoinSwitch Kuber is responsible for partnering with our developers to help ensure that the code we write does not expose us to any additional risk. Part penetration tester, part integrator, part educator, the ideal candidate understands that application security is not just about finding problems but also about integrating their tools into the CI/CD pipeline and helping developers understand how to leverage those tools to identify issues in their code.


  • Examine CoinSwitch products in detail to discover vulnerabilities and collaborate with the other security engineers to practically demonstrate the exploitability and risk factors.
  • Be on the forefront of emerging vulnerabilities / threats which could affect CoinSwitch and its operations.
  • Review, select, deploy, and integrate SAST and DAST solutions for use within CoinSwitch, document their use, and train our engineers on how they can leverage them to create better code.
  • Engage with developers in developing mitigation plans for identified risks and ensure they are both understood and implemented per policy.
  • Drive thematic security assessments to discover and exploit vulnerabilities in our code.
  • Engage with the development teams to conduct secure design reviews / threat modelling exercises to enumerate threats and mitigation strategies.
  • Enable the developers with knowledge of threat modelling by conducting focused workshops.
  • Build and maintain a robust DevSecOps pipeline.
  • Create secure coding principles for the company and propagate them across the development community.

What are we looking for?

  • 6 to 9 years of experience in application security
  • Familiarity with multiple classes of vulnerabilities, including the OWASP Top Ten.
  • Knowledge of SAML / OAuth / OpenID Connect.
  • Ability to automate security testing and improve productivity in security assessments.
  • Solid understanding and knowledge of web frameworks and architecture.
  • Ability to communicate and interpret security vulnerabilities to various audiences such as development and management teams.
  • Experience in conducting security assessments in cloud platforms (SaaS, PaaS, IaaS).
  • Experience in integrating and automating security in DevOps through implementing / building orchestration tools.

What we do at CoinSwitch Security

As part of CoinSwitch’s world-class engineering team, the focus is on solving unique real-world problems in blockchain and finance technology. Our engineering team works on the most cutting-edge technologies, and on a variety of them. The pace at which things move at CoinSwitch makes security problems more challenging. Our tech culture is vibrant and open, and we believe in guardrails rather than roadblocks as part of our CoinSwitch culture. At CoinSwitch, devs are given as much freedom as possible to experiment and play with tech, while the security engineer’s responsibility is to make sure that nothing goes wrong from a security perspective. To achieve this, we are in the process of building a full-fledged product security vertical aimed at multiple things, among them internal VA/PT, DevSecOps, tooling (open source, of which we are huge fans; commercial; and in-house tools built by our own security team), processes, infrastructure security, incident response, backend, web and mobile application security, and fintech-specific security challenges.
