Responsibilities - This is a dynamic role in a fast-changing business, but examples include:
- Building application security processes and pipelines to contribute to the KF Development team's move to true Continuous Delivery and Continuous Improvement;
- Implementing "SAST" and "DAST" systems with the wider Kraken team and/or the Kraken Futures team;
- Implementing secrets management for cloud applications as part of the Kraken Futures DevSecOps team;
- Working with the global team on Identity and Access Management projects and integration for Enterprise applications;
- Relating Kraken Futures business processes and requirements to Kraken controls and policies;
- Becoming an active part of the on call and disaster recovery structures within Crypto Facilities;
- Deputizing for the CISO and/or fulfilling DevOps responsibilities for the Development teams to cover absence and, to a certain extent, capacity issues.
Requirements - Technical
- Code (or script) in at least one modern application development or utility language;
- Use Source Code Management and Document Management Systems to organize business function tasks and publish relevant material;
- Be a competent Linux user;
- Know how to build, run and deploy secure Docker containers;
- Be aware of how containers and microservices are configured, and can be secured and orchestrated, in particular using Kubernetes;
- Use open source tooling to programmatically test and verify the safety and integrity of bespoke software;
- Analyze data sets and produce reports using basic tools (e.g. SQL, POSIX stream processing tools, spreadsheets, ODBC, Python);
- Understand principles around secure Identity Management and Authentication;
- Understand the implementation of secure messaging systems in the context of privacy awareness, including GPG and encrypted instant messaging;
- Have a good basic comprehension of computer networks, the Internet, and supporting systems such as web servers and proxies;
- Understand DNS, SSL/TLS, and how traffic on IP networks establishes end-to-end security and trust.
Requirements - Administrative and Security
- Work highly independently, with multiple stakeholders outside of the formal management structure;
- Write good quality policies, procedures and technical documentation;
- Nurture security awareness in the organization, produce material to support this, and relate this to the current threat landscape;
- Be familiar with risks introduced to the organization by third parties, and processes to mitigate these;
- Take a risk-based approach to all facets of information security;
- Have a "finger on the pulse" of current challenges and exploits in the ecosystem;
- Be an active participant in a truly world-class global security organization.
Qualifications (and supplementary industry expertise)
- A degree from an accredited institution, or equivalent relevant experience alongside a good level of general education;
- Optional: relevant and well-regarded certifications in cloud computing such as CKA (Certified Kubernetes Administrator), AWS Professional or Specialty levels, Google Professional level;
- Optional: advanced security accreditation such as CISSP, OSCP, CASP, Security+.
About Kraken Exchange
Founded in 2011, San Francisco-based Kraken is the largest Bitcoin exchange in euro volume and liquidity, and also trades Canadian dollars, US dollars, British pounds and Japanese yen. Kraken is consistently rated the best and most secure Bitcoin exchange by independent news media. Kraken was the first Bitcoin exchange to have trading price and volume displayed on the Bloomberg Terminal, the first to pass a cryptographically verifiable proof-of-reserves audit, and is a partner in the first cryptocurrency bank. Kraken is trusted by hundreds of thousands of traders, the Tokyo government's court-appointed trustee, and Germany's BaFin-regulated Fidor Bank.