About the company
Uphold is an easy-to-use investments and payments app. Specialising in digital assets, we serve more than 10 million customers in 150 countries. We open around 3,000 accounts a day and provide consumers with a more versatile and cost-effective home for their daily financial lives. For businesses, we provide regulated infrastructure to connect crypto with fiat currencies. Today, we support over 200 digital assets, 28 national currencies and four precious metals. Our unique trading experience allows customers to trade directly between any supported asset or currency in one step - physical gold to Bitcoin, for example - saving both time and money.
Job Summary
What you’ll be doing primarily:
📍Working with the VP of Cyber Security to build a team of highly skilled Application Security individuals.
📍Helping plan, prioritize, and manage our Application Security roadmap.
📍From within the Cyber Security team, collaborating with the Engineering teams to harden the codebase against attacks.
📍Working to integrate automated vulnerability assessments into the development lifecycle, then feed the results into that same cycle frictionlessly.
📍Thinking of and implementing new ways to automate and improve security across the application lifecycle.
📍Working with the Engineering team on the product security engagement plan to educate engineers by scaling up security champions, implementing a framework for security best practice, threat modeling, and input into design reviews.
📍Performing source code reviews across our projects in different coding languages.
📍Helping manage and nurture our bug bounty program, developing a cabal of known and trusted researchers who can help you tighten our applications’ defensive posture.
📍Helping choose and work with external formal pentesters, as they probe our applications for vulnerabilities.
📍Being involved in the design phase of the Software Development Life Cycle, embedding security architecture principles.
📍Working with the Privacy team to develop ‘privacy by design’ mindsets.
📍Writing and maintaining standards and other technical documentation.
Required qualifications:
📍Past experience with the primary responsibilities of this role and a history of high quality execution and ownership.
📍Diligently practiced your engineering craft, mastering your skills in multiple frameworks and codebases.
📍Experience in designing and implementing new architectures and technical strategies, while also looking after existing technology real estate.
📍A strong understanding of security protocols, encryption, and authentication mechanisms.
📍Experience with secure coding practices and familiarity with industry standards (e.g., ISO 27001, NIST) and relevant security frameworks, such as OWASP.
📍Fluent written and oral English skills.