Principal Security Architect
You will be the senior technical authority for security architecture, reporting to the CISO and partnering with Engineering. You will set architectural direction, review designs for major changes, and act as the reference point on the security of systems, protocols, and integrations. The role is predominantly architecture and assurance, with limited hands-on work in the cloud and integration space where reference patterns are needed. You will lead architectural decisions around signing infrastructure, multi-chain security, and governance across custody, settlement, and off-exchange surfaces. You will own identity and access architecture, cloud security patterns, and review vendor and protocol risk. You will contribute to security policy and participate in resilience exercises and incident reviews. You will communicate effectively with engineers, executives, auditors, and regulators without losing precision.
Responsibilities
- Hold formal security sign-off authority for major changes to platforms, infrastructure, and integrations.
- Shape and maintain the security architecture patterns, principles, and reference designs that engineering teams build against.
- Provide the senior technical security position in architectural and business decisions, including escalations where security and delivery pressures conflict.
- Provide architectural leadership over signing infrastructure including MPC-based signing, covering people processes and operational design.
- Review and approve changes to transaction construction, signing flows, approval policy, and key lifecycle operations.
- Provide architectural assurance over chain-of-trust constructs adjacent to custody including verifiable build pipelines and hardware-backed code signing.
- Reason at architectural depth across blockchains supported, including EVM, UTXO, and non-EVM families.
- Assess third-party smart contract architectures, implementations, and audit reports for exploit and risk surface without line-by-line code review.
- Review first-party integrations with partner networks and form a defensible security position on operational and contract risk.
- Provide architectural ownership of the security model for settlement, collateral mirroring, and off-exchange product surfaces.
- Reason about trust boundaries between custodians, venues, and clients, and ensure architectural controls match obligations.
- Own identity and access architecture across Entra ID, federated SSO, OAuth2, OIDC, SAML, and modern authenticators.
- Govern entitlement design, privileged access, and access models for contractors, vendors, and external operators.
- Maintain architectural fluency in AWS and Azure, including network topology, segmentation, secrets handling, and platform telemetry.
- Produce reference patterns and, where needed, direct integration designs in the cloud and platform space.
- Lead technical security review of vendors, integrated venues, and protocols, including challenge of assurances that do not stand up to scrutiny.
- Support client and counterparty due diligence on the technical content most likely to be misrepresented or under-specified.
- Maintain understanding of regulatory regimes applicable to licensed entities and translate architectural decisions into language Compliance and GRC can defend.
- Contribute to security policy, standards, and control framework development as the senior technical reviewer.
- Participate in resilience exercises and incident reviews where architectural input materially shapes the outcome.
Requirements
- Multi-chain architectural literacy across EVM, UTXO, and non-EVM account-based chains with the ability to reason about transaction construction and signing.
- Strong conceptual grasp of threshold signing, signature schemes, and key lifecycle, with the ability to design and challenge operational architecture around signing and MPC.
- Experience reasoning about settlement, collateral, and off-exchange constructs with clear understanding of trust boundaries.
- Identity and access architecture experience across Entra ID, federated SSO, OAuth2, OIDC, SAML, and modern authenticators, including entitlement governance.
- Cloud security expertise in AWS and Azure including the ability to produce reference patterns and limited direct integration designs.
- Architectural authority and judgement with a track record of sign-off on significant designs and defensible positions under uncertainty.
- Change review and assurance experience, including reviewing engineering and vendor designs and maintaining security posture.
- Excellent communication skills enabling credible dialogue with engineers, senior business stakeholders, auditors, and regulators.
Benefits
- Paid Time Off - a minimum of 35 days per year plus an additional day per year of service
- Comprehensive Medical Insurance including dental, optical, and mental health coverage
- Life Insurance
- Enhanced Pension Contributions with employer matching
- 24/7 Employee Assistance Programme (EAP)