Position Summary
As a Security Engineer focused on blockchain and digital assets, you will be the primary architect of our defense-in-depth strategy. You will secure the end-to-end lifecycle of our digital assets—from low-level cryptographic key management and node infrastructure to the auditing of high-level protocol logic. You will work closely with Infrastructure and Software teams to build automated surveillance systems that protect our "Hardened Production Environment".
Key Responsibilities (Security & Research Focus)
- Threat Modeling & Vulnerability Management: Proactively identify, assess, and mitigate security risks across our institutional-grade custody infrastructure and blockchain integrations.
- Cryptographic Security Design: Design and audit secure key management architectures using FIPS 140-2/3 Level 3 HSMs and MPC/Threshold Signature Schemes.
- Smart Contract & Protocol Auditing: Conduct rigorous internal audits and formal verification of smart contracts to prevent vulnerabilities like reentrancy, overflow, or logic errors.
- On-Chain Surveillance & Incident Response: Build and maintain real-time monitoring tools to detect unauthorized private key usage, contract exploits, or anomalous liquidity movements. Lead the incident response process for all digital asset security events.
- Security Policy & Compliance: Partner with Compliance to translate regulatory requirements (AML/KYC, SOC 2) into protocol-level technical controls.
- Infrastructure Security Design: Ensure the integrity of our multi-provider node infrastructure by implementing strict network isolation (VPC), TLS pinning, and 2-of-3 validation checks.
Operational & Engineering Responsibilities
- Security Automation: Build and integrate automated security scanning, fuzz testing, and formal verification into our CI/CD pipelines.
- Hardened Infrastructure: Utilize Terraform and Kubernetes to deploy secure, immutable infrastructure components.
- Secure Governance Ceremonies: Design and oversee high-security "Key Ceremonies" and multi-signature governance workflows (Safe/Squads).
What We’re Looking For
- Cybersecurity & Blockchain Background: 5+ years in Information Security or Security Engineering, with at least 2 years focused on securing digital asset ecosystems or DeFi protocols.
- Deep Cryptography Knowledge: Advanced understanding of cryptographic principles (Digital Signatures, Hash Functions, MPC, TSS).
- Protocol Proficiency: Deep, demonstrable understanding of how different blockchains function at a protocol level (EVM and Solana).
- Programming Expertise: Strong command of Solidity and Rust, with the ability to "think like an attacker" to find novel edge cases.
- DevOps Fundamentals: Proficiency in Terraform, Kubernetes, and automated CI/CD workflows.
Nice-to-Haves
- Regulated Industry Experience: Prior experience in Banking or Finance-specific cybersecurity roles.
- Incident Response: Experience with forensic analysis of on-chain exploits and cross-chain fund recovery.
- Certifications: OSCP, CISSP, or specialized Blockchain Security certifications.