Atato is a digital asset custody and cryptocurrency wallet provider. Our apps let individuals and businesses securely use DeFi, NFTs, and other decentralised applications. Our mission is to enable the next 100 million blockchain users. We partner with ConsenSys and Kaleido as one of the regional blockchain leaders. Based in Singapore, founded in 2018, atato has delivered flagship digital asset projects in South-East Asia.
We have been remote-first since 2018, and offer attractive compensation including bonuses, health insurance, a new laptop and stock options. Our working culture is friendly and has no set working hours, with unlimited vacation. The team meets quarterly for workshops and outings, and we have quarterly time-off for the whole company. We are results-oriented.
As a Security Analyst (title negotiable), you are an experienced security professional reporting to the CSO and responsible for implementing security policies and procedures. You have experience with integrating security operations into agile SDLC end to end, threat modelling, risk assessment and implementing security awareness. You can support developers in their day-to-day work to build secure software. Your responsibilities include incident response and handling, security monitoring, security analysis and vulnerability management including triage. You are familiar with the cyber kill-chain and abreast of modern attack TTPs. You are organised, with a familiarity with and preference for established frameworks to govern your work, such as MITRE, OWASP, etc., and systems like CVSS, CWE or others. You are already a member of, or able to join, security information sharing groups. Your security knowledge and understanding will be assessed and you welcome this challenge.
Support developers implementing company security policy and procedures for secure SDLC
Monitoring, identifying and investigating indications of compromise in systems
Incident handling and response (PICERL), inter-team liaison
Support team in identifying baselines and continuous monitoring of infrastructure
Threat modelling and Risk analysis (not responsible for risk management), PR review, design review
Vulnerability management, triage of security systems output (pipelines and monitoring)
Audits of information security infrastructure
Confident you match the description of this role and happy to be tested on security knowledge
Strong hands-on cybersecurity skills, knowledge, passion and experience
Experience with Incident response and handling (preferably regulated environments)
Deep understanding of operating systems, network/system architecture, protocols, services
Expertise in packet analysis, SIEM tools and triage
Capable of scripting/parsing data
Understanding of Info-sharing centres, attacker TTPs, IoCs, Threats, Vulnerabilities and Exploits
3+ years of security experience and passionate desire to continue learning new things
Nice to have
Certifications relevant to this position, e.g. GCIH, GNFA, GCIA, CompTIA, CEH, OSCP, etc.
Experience with target mapping and profiling, responsible for network decoy and deception