Chainalysis is one of the oldest crypto companies to offer on-chain analysis for its clients. They offer investigation and compliance tools to crypto companies, government agencies, regulators, and more. For example, an exchange can hire them to flag transactions coming from wallets associated with exchange hacks or known terrorists to make sure they do not engage with them. Chainalysis software has been used to solve some of the biggest high-profile cases in the crypto industry.
Chainalysis has its offerings in more than 60 countries. At any given time, there are hundreds of Chainalysis jobs. If you're looking for a career at Chainalysis, there are many categories to choose from in Engineering, Marketing, and Sales. Most of the jobs are not remote. But since Chainalysis has its offices in multiple countries, most jobs should be very accessible.
Job Short Description
Chainalysis is seeking a dynamic and passionate Application Security Engineer with experience to join our cutting-edge team. As a trailblazer in blockchain forensics, we require a candidate with a strong understanding of application security principles, excellent communication skills, and the ability to collaborate with various stakeholders. A background in software development is valuable. In this crucial role, you will safeguard our organization's critical data and applications within cloud and application environments, contributing to the advancement of our innovative blockchain solutions.
Key Responsibilities:
Proactively identify, assess, and prioritize security issues in cloud and application environments, managing remediation processes
Collaborate with development teams to integrate security best practices throughout the application development life cycle
Manage and optimize application security tools, such as JFrog Xray, SonarCloud, and Burp Suite, ensuring alignment with organizational security requirements and best practices
Develop and maintain Software Bill of Materials (SBOMs) for applications, ensuring accurate tracking of software components and their dependencies, and perform Software Composition Analysis (SCA) on the SBOMs to identify and address potential security vulnerabilities, license compliance issues, and outdated dependencies.
Implement and manage security workflows and processes, focusing on application security testing to maintain a secure and compliant ecosystem
Develop and maintain meaningful security metrics for application security tools and testing, evaluating effectiveness and alignment with organizational security requirements and best practices
Provide support to internal users of security tools, promptly responding to Jira tickets assigned to the security team, ensuring effective collaboration and addressing security-related concerns
Conduct security assessments and penetration testing on applications and systems to identify and address vulnerabilities
Develop and maintain security policies, procedures, and standards to ensure compliance with regulatory and industry requirements
Perform comprehensive security reviews of applications hosted on AWS by threat modeling, identifying potential vulnerabilities, and providing remediation strategies.
Design, develop, and implement security automation using AWS security services and third-party tools to automate the security review process for applications hosted on AWS.
Key Technical Skills:
Knowledge of OWASP Top 10 vulnerabilities and mitigation techniques; experience identifying and exploiting common vulnerabilities in web applications and networks
Proficiency in web application security frameworks and tools, including Burp Suite, Nmap, Metasploit, and experience with network and application security testing
Familiarity with secure development practices, such as secure coding, threat modeling, and security risk assessment
Experience in programming languages such as Python, Java, or JavaScript, using secure coding practices, and familiarity with Agile and DevOps methodologies
Knowledge of containerization technologies (e.g., Docker) and orchestration platforms (e.g., Kubernetes)
Experience with security testing tools, including SonarCloud, JFrog, or Burp, and integration into CI/CD pipelines
Experience using GitHub for secure code development and knowledge of GitHub Actions for automated security testing and deployment pipelines
Experience with AWS security services and tools: Proficiency in AWS security services such as AWS Security Hub, AWS Config, AWS Inspector, and AWS GuardDuty, among others.
Understanding of Infrastructure as Code (IaC) security: Knowledge of best practices for securing Infrastructure as Code (IaC) scripts, such as AWS CloudFormation templates or Terraform scripts. Experience in using tools like Checkov or Bridgecrew for IaC security scanning and remediation.