Security Engineer Apprentice

Copper • London, UK • 1m ago

Copper is a digital asset technology company dedicated to helping institutional investors safely acquire, trade, and store crypto assets.

Built and led by Dmitry Tokarev, a software and financial engineering specialist, the firm provides a comprehensive suite of custody, trading and settlement solutions that reduce counterparty risk and bring greater capital and operational efficiency to digital asset markets. At the heart of Copper's offering is Multi-Party Computation (MPC) technology – the gold standard in secure custody. Copper’s multi-award winning custody system is unique in that it can be connected to centralised exchanges, DeFi applications and even staking pools without the assets leaving the custody.

Built on top of this state-of-the-art custody, ClearLoop™ is the first solution in the market that overcomes a growing industry challenge; counterparty risk with exchanges. This solution underpins a full prime services offering, connecting global exchanges and enabling customers to trade and settle directly from the safety of their MPC-secured wallets. By reducing settlement time for transfers to a few milliseconds (without blockchain network dependency) and offering enhanced security measures, ClearLoop™ is rapidly reshaping the way asset managers trade and manage capital.

In addition to industry-leading security certifications, Copper has one of the strongest insurance coverages in the industry from an A+ rated insurer, positioning the firm as the partner of choice for institutions seeking to safeguard their assets.

Department environment

The Copper legal team is a collaborative and high energy group of smart, driven and intellectually curious lawyers and paralegals. We take our work but not ourselves incredibly seriously, tackling novel issues and supporting the business with focus, precision, and relentless good humour. We know and support each other deeply as professionals and humans. We proudly hold a range of passports and qualifications and speak as many languages as we have team members - diversity on all levels is deeply valued.

Our business is growing rapidly, both in terms of new people and new or enhanced products, and as a key support function the legal team has and continues to expand in a complimentary way. We need expert lawyers advising within their specialist areas, and for this reason we broadly break the team down into Product and Enterprise (including Commercial), Corporate and Regulatory. As we expand globally as a company, we are adding regional experts to help advise on the nuances of local legal and compliance regimes.

The Security Engineer plays a crucial role in the Information Security department, responsible for developing and maintaining Copper’s suite of security tools.

You’ll collaborate closely with the security teams to deploy and ensure the effectiveness of security controls across the business.

This exciting opportunity provides exposure to various aspects of security while working closely with technical teams from different parts of the organisation

Key Responsibilities of the role

Application Security

Assist with the triage of newly discovered vulnerabilities, and ownership of remediation efforts & tracking.
Champion for secure coding and infrastructure deployment(s) within Copper's development community.
Collaborate with the application security team to develop and improvement security policies and procedure.
Engage with numerous stakeholders to ensure security posture weaknesses (risks) are effectively understood and plans for their mitigation are in place.
Ownership of security tooling, including their end-to-end integration with current systems and tracking of associated alerting, as well as leading PoCs for new solutions.
Ownership of vendor communications, ensuring good working relationship with vendor stakeholders and associated partners.
Participate in the design and implementation of technical, scalable solutions to address current posture weaknesses, whether team or department based.

Security Systems Configuration and Analysis

Configure security systems according to specified requirements.
Analyse current security setups and recommend improvements to
enhance security posture.
Deploy and assess security baseline hardening (CIS, Microsoft, STIG).

Identity and Access Management (IAM)

Responsible for configuring and implementing Identity and Access

Management solutions and supporting systems, including Entra ID (AAD),

Manage permission settings and access controls to ensure secure and
efficient user access to company resources.

Security Practices and Technical Advice

Consult with staff, managers, and executives to advocate best security
Provide technical advice on security measures and potential

Create, improve, and advocate for security controls and policies throughout the business, in-line with industry-defined best practices, and ensure these requirements are effectively understood and adhered to.

Provide insight into emerging technologies and relevant domain areas, assessing their impact on Copper's current security posture.

Security Risk Management

Manage vulnerability scanning tools to identify and mitigate security risks
across endpoints and cloud infrastructure.

SIEM Management and Log Analysis

Implement solutions for log shipping to managed SIEM
systems, such as Microsoft Sentinel.

Scripting and Automation

Utilise PowerShell/Bash scripting for automation of security tasks.
Develop and maintain scripts for efficient operation and response within the security infrastructure.

Your experience, skills and knowledge

Essential

Microsoft 365 and Azure Security: Basic knowledge of Microsoft 365 and Azure Security tools.
AWS Security: Basic knowledge of AWS Security tools.
Device Management and Security: Basic Understanding in managing
and securing a diverse range of devices using Intune, Jamf Pro.
Scripting and Automation: Basic knowledge in using scripting
languages like PowerShell, Bash, and Python to automate security tasks,
streamline processes, and enhance system efficiencies.
System and Application Hardening: Basic understanding in the assessment and
hardening of operating systems and SaaS applications, adhering to CIS
and STIG standards.
Security Domain Knowledge: demonstration of interest in security and some exposure to domain knowledge

Desirable

Exposure to Intune Jamf pro and Jamf protect.
Compliance & Standards: Familiarity with standards like IS27001, SOC2,
and NIST CSF.
Regulatory and Compliance Awareness: Awareness of the global
regulatory landscape as it pertains to cryptocurrencies and digital assets.
Software Development Experience: experience with developing applications and using developer tools.
Cloud Proficiency: knowledge or exposure to key cloud concepts, best practice architecture (e.g., well-architected framework) and experience with core AWS services (e.g., EC2, Lambda, IAM).

In return for everything you can bring to Copper, we can offer you an exciting, challenging role in a fast-growing and dynamic business, with career opportunities and welcoming working environment.

If you think you have everything we're looking for and more, then we'd love you to apply for the opportunity.

Copper is an equal opportunity employer. We embrace diversity and equal opportunities in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be. So, bring us your experience, perspectives, and skills. It is in our differences that we will continue to grow and ensure Copper is transforming how institutional investors engage with digital assets. Copper is a Disability Confident Employer, please let us know if you have a disability. If you require us to provide any assistance during the recruitment process, then we would ask you to highlight this to us and we will be happy to accommodate.