Closing: Feb 1, 2022

Published: Jan 3, 2022

Job Requirements

Education:

Bachelor's degree

Work experience:

2 years

Language skills:

English

Job Summary

Salary:

USD 1195 - USD 2390

Salary Period:

Monthly

Contract Type:

Full time

Your role

As a Security Researcher at Deriv, you’ll evaluate our security measures and the existing protections on our web and mobile applications through penetration testing. Your key responsibilities will be to analyze and validate external security reports and work closely with the developers in resolving security bugs.

As a custodian of IT security, you’ll promote compliance with security best practices and awareness of the latest online threats. Your analytical mindset and understanding of security protocols will protect Deriv from new and emerging threats.

What you have

  • 2+ years of technical experience in web, mobile, and network security testing, source code reviews, security monitoring, and intrusion detection

  • University degree in IT or a relevant field, or equivalent work experience

  • OSCP, OSWE, CEH, Security+, eJPT, eWPT, CISSP, or any GIAC certification

  • Comprehensive experience in bug bounty programmes such as HackerOne, Bugcrowd, Synack, and Cobalt

  • Complete familiarity with writing custom code and scripts to investigate security threats

  • Understanding of attacks and mitigations such as timing, injection (e.g. form parameter/SQL), side-channel, DoS, buffer overflows, and DNS cache poisoning

  • Ability to assess the security impact of bugs and API inconsistencies

  • Deep understanding of encryption fundamentals and the OWASP Top 10

  • Solid knowledge and experience in OSI model, TCP/IP, and other industry-standard network defense concepts

  • Strategic and critical thinking, teamwork, good problem-solving, judgment, and decision-making skills

  • Good interpersonal skills

  • Excellent spoken and written English communication skills

What’s good to have

  • Experience with Linux and Windows operating systems, modern programming languages, and cloud environments like AWS

  • Experience in scripting/coding (Python, PHP, C#, Java, Ruby), building tools, and refactoring code

  • OSCP, OSWE, CEH, Security+, eJPT, eWPT, CISSP, or any GIAC certification

What we’ll give you

  • Market-based salary

  • Annual performance bonus

  • Health benefits

  • Casual dress code

  • Travel and internet allowances

About us

We’re Deriv. We’re all about trading. We’re the geeky upstarts who pioneered an industry. That was more than 20 years ago, and we’re still going strong. Today, we work across continents and serve over a million traders from around the globe.

Join us. Grow with us.

Our team

We are the Information Security team. We’re the first line of defence against hackers and security flaws that may impact our trading operations and global client base. We manage threats and potential security risks through smart strategies, airtight policies, meticulous communication, and technical execution.

Location

Cyberjaya, Malaysia


Responsibilities

  • Participate in security projects — scope the requirements, execute test plans, create result reports, and resolve the bugs.

  • Manage the organization's bug bounty program.

  • Perform vulnerability research and security testing of web, mobile, and network platforms to identify attack sources and protect the organization against foreseeable attacks and mitigations.

  • Develop security assessment tools and processes to address identified vulnerabilities.

  • Handle tasks such as conducting reviews of the security infrastructure, monitoring automated security scripts, and identifying threats based on the results.

