Application Security Business Partner (Web3)

TL;DR

Application Security Business Partner (Web3): Collaborating with development teams to embed security into the product lifecycle with an accent on threat modeling, vulnerability management, and secure architecture design. Focus on integrating security controls into CI/CD pipelines and ensuring system resilience within a crypto ecosystem.

Company

A leading technology company in the crypto industry specializing in mining infrastructure, payment services, and enterprise-grade crypto solutions.

What you will do

• Partner with development teams to analyze business requirements and assess security impacts.
• Conduct threat modeling for applications and services to define mitigation strategies.
• Oversee the implementation of security requirements throughout the development lifecycle.
• Perform security reviews of architecture, source code, and release artifacts.
• Manage vulnerability remediation processes in collaboration with engineering teams.
• Work with DevSecOps to integrate automated security scanning into CI/CD pipelines.

Requirements

• Hands-on experience in application security or a similar security engineering role.
• Strong understanding of OWASP Top 10, Mobile Top 10, and CWE Top 25 vulnerabilities.
• Knowledge of security standards such as OWASP ASVS and WSTG.
• Understanding of infrastructure, containerization, and microservices security.
• Ability to collaborate effectively across distributed engineering teams.
• English proficiency required for professional communication.

Nice to have

• Programming experience in Go, Python, or JavaScript.

Culture & Benefits

• Remote-first environment with fully flexible working hours.
• 20 days paid vacation plus 12 bonus days annually.
• 100% paid sick leave.
• Professional growth support including courses and certifications.
• Paid English lessons via iTalki.
• Compensation in USDT and access to internal mining infrastructure tools.