Application Security Engineer

Application Security Engineer

About ABFinance ABFinance is a US-based firm building and enabling digital finance for the future. Their vision is to create a full financial ecosystem where digital assets, traditional finance, and everyday money management live in one seamless experience, made available to everyone. Founded by a team of innovators, traders, and compliance professionals, ABFinance's mission is to bring the emerging world of digital assets to everyone. Their flagship product is a secure, regulated crypto exchange building trading tools for both retail and institutional clients—including spot trading and yield generation products with a focus on compliance and security. Job Responsibility Conduct security assessments on business systems and infrastructure (Java/Golang/JS/C++) including but not limited to penetration testing, code auditing, and promotion of vulnerability and risk remediation. Track the latest industry vulnerabilities, conduct analysis and reproduction, perform internal impact assessments, and drive related vulnerability fixes. Integrate security requirements/best practices into the design, development, testing, and deployment phases to ensure the security of the entire software development lifecycle (SDLC). Familiar with Web3 industry-related products, identify vulnerabilities in business architecture, product processes, and logic, and promote their remediation. Develop security-related documentation such as source code security specifications, security solutions, remediation plans, and security best practices. Requirements: Bachelor’s degree or above; majors in Computer Science, Information Security, Network Engineering, or related fields are preferred. At least 5 years of work experience in Internet companies or Web3 industry companies, with relevant experience in security testing, auditing, and assessment. Familiar with the principles of common security vulnerabilities (not limited to OWASP Top 10), as well as their discovery methods, exploitation scenarios, mitigation measures, and remediation plans. Familiar with common vulnerabilities in Java/Golang/JS/C++ languages and related frameworks (e.g., Spring MVC/SSM/Gobin/GoZero vulnerabilities). Strong understanding of penetration testing, proficient in common testing tools, code auditing tools, and techniques. Proactive learning ability, strong logical thinking, and excellent communication, organization, coordination, and promotion skills. Preferred Qualifications: Submitted high-quality vulnerabilities on various national Security Response Center (SRC) platforms. Discovered vulnerabilities in programming languages or development frameworks and obtained high-quality CVEs. Experience in developing tools or platforms.