About Liminal
Liminal is a compliant and insured digital asset custody and wallet infrastructure provider. Launched in April 2021, Liminal Custody is a CCSS Level 3, SOC Type 2, and ISO 27001 & 27701 certified organization. Based in Singapore, Liminal has operations spread across APAC, MENA, and Europe, along with offices in Singapore, India, and UAE. The company has received an FSP license from FSRA in ADGM and initial approval from VARA. Liminal takes pride in supporting businesses with its qualified and insured custody (self and institutional) that enables stress-free safekeeping of digital assets for institutions. It also provides a cutting-edge wallet infrastructure platform that is secure, compliant, and automated and comes with a plug-and-play architecture for faster onboarding of developers, business partners, and government agencies.
Liminal is founded by Mahin Gupta (https://www.linkedin.com/in/mahingupta/), who previously co-founded ZebPay - one of India's largest crypto exchanges. The entire founding team at Liminal has extensive experience in designing and developing secure wallet architectures with operational efficiencies. Liminal is incorporated in Singapore and has operations across the globe.
Our website -
https://www.liminalcustody.com/
Our Blogs -
https://www.liminalcustody.com/blog/
Objectives And Day-to-day Activity Will Involve
- Participate in application security reviews including security code review, architectural design review, and dynamic testing.
- Implement security and cryptography solutions
- Detect design and logical vulnerabilities
- Build and maintain threat modeling framework
- Help Software Engineers in security best practices.
- Own and perform application security vulnerability management.
- Support the bug bounty program.
- Facilitate and support the preparation of security releases.
- Support and consult with Product and development teams in the area of application security.
- Assist in the creation of security training for developers.
- Assist in the development of automated security testing to validate that secure coding best practices are being used.
- Assist in Pen-testing practices (purple teaming)
- Work with external pen testing firms to manage third-party assessments
- Own the Secure SDLC process
- Taking initiatives to curb known abusive activity, and identifying unknown abuse vectors.
- Designing, researching, and executing attacks to challenge the blue team.
- Reporting on the red team engagements providing in-depth analysis of the security issues.
- Developing technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
- Writing comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
- Implementing security best practices and new ideas to encourage innovation within your team.
- Making proposals across several teams on cross-functional security initiatives.
- Keeping abreast of the latest developments in crypto, DeFi and blockchain to feed the company's strategic orientations.
- Continually researching the current and emerging technologies and propose changes.
Skills And Qualifications
- At least 5 years of experience in the field of penetration testing.
- Experience in Software Development.
- Experience working with AWS technologies
- Familiarity with cloud security best practices.
- Familiarity with common libraries, security controls, and common security flaws.
- Deep understanding of Supply chain attacks
- Experience with OWASP, static/dynamic analysis, and common security tools.
- Deep understanding of network and web related protocols (such a TCP/IP, UDP, TPSEC, HTTP, HTTPS, protocols).
- Experience in vulnerability management lifecycle.
- Demonstrate strong written and verbal communication skills.
- Experience implementing Security Certifications
- Understand full attack lifecycle
- BS (or equivalent) in Computer Science, Computer Engineering, or related field.
Preferred Qualifications
- Experience in Digital Asset Wallets is a plus
- Experience submitting security issues in cryptocurrency wallets/exchanges bug bounty program is a plus
- OSCP, OSWE, GPEN or similar certification completion is a plus
- Understanding of applied cryptography
- Be a huge fan of blockchain technology and cryptocurrencies.
