Senior Security Engineer
About the engagement
Bitcoin.com is seeking an experienced independent candidate to provide senior-level security engineering services for our products and infrastructure, spanning application security, cloud and Kubernetes environments, smart contract security, security operations, and compliance.
This is a remote engagement; the candidate may be located anywhere within the APAC region and provides the Services from their own location. The Services require coordination with the Company’s engineering function, so the candidate should be available for agreed collaboration windows that overlap with Japan Standard Time (JST/UTC+9), for example for architecture reviews and incident response. The candidate will coordinate with the Director of Engineering as the primary point of contact for scoping and acceptance of deliverables, and will liaise with the Company’s DevOps and Engineering functions as needed across an AWS-native, containerized stack.
Scope of Services
The candidate’s Services will include:
- Designing and implementing security controls across AWS, EKS/Kubernetes, CI/CD (Jenkins, GitHub Actions, ArgoCD), and AI/agentic workflows.
- Delivering threat models, risk assessments, and security architecture reviews across infrastructure, applications, and AI-driven systems.
- Providing end-to-end vulnerability management across code, infrastructure, and AI-generated artifacts, using tools such as New Relic, Bugsnag, and security scanners.
- Developing recommended secure-coding and AI-usage standards, including guardrails for LLMs, copilots, and automated workflows.
- Building and operating security monitoring, alerting, and incident response capabilities, including detection of AI/agent-related risks.
- Evaluating and recommending security and AI tooling (SAST/DAST, SIEM, EDR, secrets management), with least-privilege access and secure integrations.
- Hardening infrastructure and data layers (Terraform, IAM, VPC, Cloudflare, Cassandra, Kafka, Redis), including protections against unauthorized or automated actions.
- Supporting the Company’s compliance objectives (SOC 2, ISO 27001), with a focus on auditability, data protection, and governance of AI systems.
- Providing security expertise and recommended best practices across AI, cloud, and Web3 (smart contracts, key management, bridges).
- Advising blockchain/product teams on risk mitigation in decentralized systems.
Candidate’s profile (required expertise)
- Demonstrated expertise (typically 5–8 years) in security engineering across application, cloud, and infrastructure security.
- Hands-on experience securing AWS (IAM, VPC, EKS, S3, EC2) and Kubernetes.
- AppSec proficiency (OWASP Top 10, secure SDLC, code reviews) and common tooling (SAST/DAST, SIEM, secrets management).
- Strong foundation in network security, cryptography, and auth protocols (OAuth, SAML, MFA).
- Experience with incident response, threat modelling, and frameworks such as MITRE ATT&CK.
- Familiarity with compliance standards (SOC 2, ISO 27001, NIST, GDPR).
- Ability to operate independently and manage their own methods and schedule.
- Located within the APAC region and able to be available for agreed collaboration windows aligned to JST.
Additional valued expertise
- Certifications (CISSP, OSCP, AWS Security, etc.).
- Crypto/Web3 security knowledge (smart contracts, wallet/key management, blockchain attack vectors).
- DevSecOps and CI/CD security integration.
- Cloudflare, service mesh (Istio), or microservices security.
- Software engineering background (Java, Rust, TypeScript).
- Smart contract auditing or Web3 tooling (Slither, MythX, Certora, on-chain monitoring).
- Experience building or scaling a security function.