FreeHire

Blockchain.com

Crypto Security Engineer

Show

You will be embedded with Institutional Trading and FinOps to secure the operation of off-chain trading processes and infrastructure. You will map systems and data flows, assess risks, define target states and risk treatment plans, and drive remediation. You will implement monitoring and detection for abnormal trading signals, enforce key and secrets hygiene using KMS/Vault, triage SAST/SCA findings, participate in incident exercises and post-incident reviews, and produce concise control and risk documentation. This role does not require smart-contract auditing.

Responsibilities

  • Partner with Trading, Middle Office, and Quant teams to map inventory, data flows, third-party integrations, and custody/settlement touchpoints
  • Conduct deep-dive assessments of critical assets and workflows to identify vulnerabilities and draft Risk Treatment Plans to meet institutional standards
  • Act as security liaison for senior management and vendors, translate technical gaps into business risk summaries, evaluate vendors, and manage security posture improvement projects
  • Implement and maintain monitoring for FinOps-specific security signals and integrate detections into SIEM/SOAR for real-time response
  • Enforce secrets and key management practices using KMS/Vault, scope least privilege, and automate key rotation
  • Triage SAST and SCA findings for FinOps repositories and implement CI checks and remediation playbooks
  • Participate in incident exercises, post-incident reviews, and remediation tracking for trading incidents
  • Document controls and produce concise risk summaries for FinOps leads and security stakeholders

Requirements

  • 5+ years in security engineering, platform security, or application security
  • Proven expertise in threat modeling and structured reviews of complex data flows
  • Experience with observability and detection tooling (SIEM, logs, metrics) and ability to write detection rules
  • Practical experience with KMS, HSM, and secrets management platforms (Vault, 1Password, AWS/GCP KMS) and IAM patterns
  • Ability to translate technical debt into business risk for executive stakeholders
  • Ability to read, raise, and audit pull requests in TypeScript, Java, Kotlin, or Python
  • Experience conducting technical due diligence and scoping third-party security integrations
  • Nice to have: familiarity with trading systems, on-chain concepts, SOC operations, SOC2/ISO27001, and industry certifications