Crypto.com•15.02.26

AI SCORE 8.5 / 10

Application Security Engineer (Pentester) - Remote

$90K–$120K/year

Penetration Testing•BurpSuite•Web API Testing•Mobile App Testing•OWASP•Incident Response•Security Monitoring

About the Role

We are looking for an experienced Application Security Engineer (Pentester) remote to join our dynamic team at Crypto.com. In this role, you will be responsible for discovering security vulnerabilities through design review, source code review, and penetration testing, either manually or using automated tools. Your expertise will be crucial in enhancing our security posture and ensuring the integrity of our applications.

What You'll Do

Conduct thorough security assessments, including penetration testing and vulnerability assessments, to identify and remediate security flaws.
Participate in agile scrum meetings and provide professional recommendations on the design of security controls, libraries, and protocols.
Implement security control verification and risk detection through automated scripts.
Provide support on application-level security monitoring, intrusion detection, and incident response.
Conduct security-related training sessions for team members to enhance awareness and knowledge of security best practices.

Requirements

OSCP (or equivalent, such as CREST) certification is a MUST.
A deep understanding of OWASP Top 10 and the ability to detect and address logic flaws are highly desirable.
Minimum four years of experience in Web API testing and proficiency in using BurpSuite is preferred.
Experience with Mobile App testing, comprehension of jailbreaking/rooting a device, API hooking, reverse engineering, and de-obfuscation is highly beneficial.
Fluency in spoken and written English is essential; proficiency in Mandarin would be advantageous.

Nice to Have

Experience in working with security tools and frameworks.
Knowledge of secure coding practices and application security standards.
Familiarity with cloud security and DevSecOps practices.

What We Offer

Competitive salary and benefits package.
Remote work flexibility with a supportive team environment.
Opportunities for professional development and career growth.
Access to cutting-edge technologies and tools.
A chance to work in a rapidly growing industry with a strong focus on innovation.

Language Requirements

EnglishC1

Mandarin(optional)B1

BasicIntermediateAdvancedNative

Why This Job8.5 of 10

This role offers a unique opportunity to work in the rapidly growing Web3 industry as an Application Security Engineer. With competitive pay and remote flexibility, it's an attractive position for security professionals.

Salary Range

Required

0/1

Optional

0/1

Bonus

0/1

Who Will Succeed Here

→

Proficiency in using BurpSuite for effective penetration testing and vulnerability assessment of web applications, with a strong understanding of OWASP Top Ten vulnerabilities.

→

Self-motivated and disciplined individual who excels in a remote work environment, demonstrating the ability to manage time effectively while prioritizing tasks independently.

→

Experience with Incident Response protocols and Security Monitoring tools, showcasing a proactive mindset in identifying and mitigating security threats in real-time.

Learning Resources

→OWASP Web Security Testing Guideguide

→Penetration Testing and Ethical Hacking Coursecourse

→Burp Suite Essentialsbook

Career Path

Application Security Engineer (Pentester)(Now)→Senior Application Security Engineer(1-2 years)→Application Security Manager(3-5 years)

Market Overview

Market Size 2024

$5.4B

Annual Growth

15.6%

AI Adoption in Security

30%

Investment in Cybersecurity

+20%

Labour Demand for Penetration Testers

+25%

Avg Salary for Application Security Engineer

$120K

Skills & Requirements

Required

Penetration TestingBurpSuiteWeb API Testing

Growing in Demand

Cloud SecurityDevSecOpsThreat Hunting

Declining

Static Code AnalysisManual Testing Techniques

Domain Trends

Increased Focus on Cloud Security

With 94% of enterprises using cloud services, the demand for secure cloud configurations is driving the need for penetration testing in cloud environments.

Integration of AI in Penetration Testing

AI tools are expected to reduce testing time by 40%, as organizations increasingly adopt AI-driven security solutions to enhance threat detection.

Regulatory Compliance Demands

With 70% of companies facing stricter compliance requirements, penetration testing is becoming essential for meeting regulations such as GDPR and PCI DSS.

Industry News

Loading latest industry news...

Finding relevant articles from the last 6 months

All job postings are automatically gathered by algorithms. We do not review or verify listings, be careful when applying and do not sign-in with iCloud or Google services.