Senior Infrastructure Security Engineer

Overview

About BitMEX BitMEX stands as a globally leading exchange for crypto derivatives, offering traders a professional‑grade trading platform. Since its inception in 2014, BitMEX has maintained an impeccable security record with no coin lost ever. Our platform caters to cryptocurrency derivatives traders by providing low latency, deep liquidity, and maximum availability. Currently, BitMEX offers more than 100 derivatives contracts, 16 pairs for spot trading, and an easy covert function between 30+ different cryptocurrencies.

In 2015, BitMEX revolutionised the market by inventing the Perpetual Swap, which has since become the most widely traded crypto product. Demonstrating a commitment to transparency, since 2021, BitMEX has been among the first exchanges to regularly publish its on‑chain Proof of Reserves and Proof of Liabilities, ensuring that the funds available exceed the total client balances.

As a Senior Infrastructure Security Engineer at BitMEX, you will play a critical role in securing our infrastructure and development life cycles. You will drive the successful operation of our cybersecurity tool stack, maintain the security of our CI/CD pipelines, and continuously elevate our container security posture. Additionally, you will lead the deployment of Infrastructure‑as‑Code (IaC) security measures, integrating both automated and manual vulnerability testing processes to ensure robust protection across all environments.

• Secure Automation & IaC:
  Design and implement secure automation solutions across development, testing, and production environments, leveraging Infrastructure‑as‑Code paradigms to maximize scalability and reliability.
• Pipeline & Tooling Management:
  Implement, manage, and optimize security tooling for our infrastructure and CI/CD pipelines, enforcing strict configuration management and security best practices.
• Strategic
  
  Collaboration:
  
  Partner closely with Product and Platform teams to actively shape and contribute to the Cloud Platform strategic roadmaps.
• Technology Leadership & Innovation:
  Maintain extensive knowledge of advanced software principles and security architectures. Proactively identify long‑term technologies of interest and propose strategic development initiatives to keep the organization ahead of the curve.
• Industry Research:
  Continuously monitor the cybersecurity landscape and analyze cutting‑edge industry trends, threats, and best practices to ensure our security posture remains modern and resilient.

• 8+ years of professional experience in the cybersecurity industry.
• Deep expertise in security principles across infrastructure, applications, data layers, and integration points.
• Demonstrated ability to architect, develop, and integrate enterprise security solutions within the Secure Software Development Lifecycle (SSDLC).
• Track record of successfully managing complex, large‑scale security projects from inception to completion.

• Strong hands‑on experience with public cloud primitives, containerization, and modern orchestration tools (e.g., Kubernetes, serverless architectures).
• Proficiency with Infrastructure‑as‑Code (IaC) and configuration management (e.g., Terraform, Ansible).
• Experience building and securing CI/CD pipelines, applying Dev Sec Ops  principles to tools like Git Hub Actions and Helm.

• Advanced end‑to‑end troubleshooting skills for complex distributed systems and security incidents.
• Agile mindset with the ability to adapt quickly to evolving security threats and business priorities.
• A proven passion for tackling complex technological challenges and driving innovative solutions.

• Industry‑recognized security certifications (e.g., CISSP, CCSP, CCSK or GSEC).
• Deep understanding of Public Key Infrastructure (PKI), including lifecycle management and cryptographic principles.
• Technical expertise in Identity and Access Management (IAM) implementations and authentication protocols (e.g., SAML, OAuth, MFA, 2SV).

• Hands‑on experience with modern observability…