Job Opportunities at Luno

Your mission will involve:

• Being part of the integral foundation of the Luno platform, you will get to apply your knowledge and experience to the various SRE projects at Luno.
• Building and scaling infrastructure, version control systems and CI/CD processes on the Luno platform by applying and enforcing Infrastructure as Code, which is accessed by over 8 million customers, in nearly 50 countries through various phases of the crypto trading lifecycle.
• Being security first when building scalable infrastructure
• Preparing on being scalable for the next crypto bull run
• Enabling other teams to scale by provisioning infrastructure that scales
• Being compliant with various security and legal/compliance audits that we apply for and encounter in the crypto industry

A little about you?

• Prior experience in a software engineering / DevOps / Site Reliability / Platform engineering role.
• Experience with setting up, deploying, scaling, and managing containerised environments using Kubernetes in production
• Experience in managing large infrastructure projects using Terraform
• Experienced with setting up, deploying, and managing various AWS services

What stack will you be working on:

• Terraform - IaC
• Kubernetes - Orchestration
• AWS - Infrastructure
• GitLab - CI/CD
• Prometheus, Thanos, Grafana - Observability
• Hashicorp Vault - Secrets
• Aurora MySQL - Databases

go to method of application »

About the team: 

• Luno's Cyber Defence team utilises industry leading security tools and platforms to move fast, be agile and dynamic to protect Luno against security threats globally. Our mission is to operate a leading cyber defence program.

The role in a nutshell:

• As a Senior Security Analyst, you will be responsible for evaluating and strengthening Luno’s defensive security controls by Continuously assessing them for vulnerabilities to prevent hacking attempts and to ensure an overall strong security posture.
• Responding to incidents reported to/in the SOC (Security Operations Center)
• You will be responsible for the protection and maintaining the security posture of Luno whilst assisting the Cyber Defence team in implementing, operating and monitoring technologies such as IDS (Intrusion Detection System) / IPS (Intrusion Prevention System) / Incident Management / Antivirus Platforms and similar technologies as well as respond to any incidents or alerts that these platforms produce.

Your mission will be:

• Carrying out endpoint, application and other relevant security related audits in accordance to the company vulnerability and threat management framework and organisational requirements.
• Maintain and develop endpoint security policies through Luno’s MDM solution.
• Ability to configure and maintain EDR solutions.
• Identify, and successfully troubleshoot and resolve Malware related incidents.
• Develop or recommend mitigating controls to reported cyber related incidents.
• Keep up to date with latest vulnerabilities and cyber attacks againsts technologies used by the company.
• Analyse the risks in accordance with the risk management framework of the company and communicate with the risk management team.
• Independently own, manage and execute security projects.
• Configure and maintain SIEM solutions.
• Respond to incidents detected within the SOC (Security Operation Center) and collaborate with engineers for remediation.
• Develop and maintain audit checklists for remediated risks to ensure auditors can continuously monitor compliance and residual risk.
• Report findings to the Information Cyber Defence Manager.
• Recommend actionable security improvements to Luno’s defenses.
• Stay abreast with industry best pracitces such as ISO27001, NIST CSF, CIS benchmarking.
• Lodge vulnerability findings with relevant teams that get reported into the vulnerability disclosure program.
• Actively engage with teams to provide solutions that ensure Luno’s security posture is maintained or enhanced.
• Create Standard Operating Procedures for team members
• Collaborate with system owners and take ownership of remediation tracking and report writing.
• Oversee User Awareness Program

A little about you:

• Real-world experience in the Information Security field.
• Proficient with Linux operating systems
• Networking protocols and analysis
• Experiencing in automation and development of scripts in any language.
• Working knowledge and experience with:
• Antivirus software and EDR solutions
• Intrusion Detections Platforms
• Intrusion Prevention Platforms
• Security Information and Event Management platforms
• Implementing industry cybersecurity frameworks and standards
• Strong analytical skills
• A passion for learning
• Strong communication and report writing skills

go to method of application »

The role in a nutshell:

• We're building teams to help us succeed in our mission to upgrade the world to a better financial system. You’ll be joining a group of highly motivated software engineers who you’ll work collaboratively with across our pods.As a fast-growing company with offices around the world, you’ll immediately see how your contributions directly impact both our internal users and client experience. Many of the problems we are solving result in trail blazing solutions which can’t be found on Stack Overflow; so we’re looking for engineers who flourish working in a complex domain.

Your mission will be:

• Build distributed microservices that are accessed by 10m customers from across the globe.
• Design, build and maintain advanced applications services.
• Collaborate with cross-functional teams to define, design, and ship new features.
• Write testable, maintainable code for robustness and reliability.
• Work on bug fixing and improving application performance.
• Write code that directly affects users, the company and the Bitcoin ecosystem.

A little about you:

• A proven background in computer science in areas such as algorithms, data structures, and software design.
• Extensive programming experience in Backend based technologies. Go(lang) is preferable.
• A continuous improvement mindset.
• BSc/MSc/PhD in computer science or other technical discipline, or equivalent working experience.
• To be friendly, transparent, articulate and driven to succeed.

What stack we work on:

• Kotlin, Swift & Angular
• Go(lang), gRPC
• Kubernetes (EKS), Docker
• CloudFlare, CloudFront, nginx
• MySQL (RDS), Redis (ElastiCache), etc
• Prometheus, Grafana, CloudWatch, Jenkins

go to method of application »

The role in a nutshell:

• The main focus of this role will be to shift left with security and to aid in the empowerment of engineers in becoming application security champions. This includes using a specialised skill set to design and automate continuous security testing at all pre-deployment stages (where applicable), enable the measurement (and performance) of threat reduction at said stages and work closely with the Agile Delivery team, Backend and Mobile engineers, SREs and other Security resources to achieve our joint vision of making Luno the safest and most trusted cryptocurrency company in the world.

Your mission will be:

• Support and consult with product and engineering teams in the area of application security, including threat modelling and AppSec reviews
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Support and assist in managing our bug bounty program.
• Author, share and contribute to documentation on application security processes, tooling and other resources to ensure collaboration and transparency within your own team and throughout the greater organisation.
• Design and implement continuous application security testing mechanisms to aid in assessing our security posture and furthermore, drive down the number of vulnerabilities and threats in our environment.
• Inform, support and empower our software engineers to strive towards becoming more vigilant, aware and capable secure coding practitioners. This includes developing structured and unstructured engagements such as, targeted and general training, one-on-one and one-to-many coaching/information sharing sessions and general enquiry handling around application security.

A little about you:

• Experience in vulnerability management and enhancing and/or contributing to the security within application source code.
• Experience in securing CI/CD pipelines on Cloud platforms. Ideally AWS with the AWS Developer Associate certification being advantageous
• Deep understanding of security best practices on technologies mentioned above
• Team player, willing to pitch in wherever needed
• Keen interest in application security and vulnerability management
• Understanding of the Software Development Lifecycle
• Basic development or scripting experience and skills. Golang, Python, JavaScript, and Java/Kotlin are preferred.
• Familiarity with some common security libraries, frameworks and tools (e.g. static analysis tools, proxying/penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).