Staff Product Security Engineer (Web3)

TL;DR

Staff Product Security Engineer (Web3/SaaS): Leading product security for a blockchain data platform with an accent on threat modeling, penetration testing, and securing AI tooling. Focus on integrating security automation into CI/CD pipelines and remediating vulnerabilities across AWS and Kubernetes estates.

Location: Remote (United Kingdom)

Company

hirify.global provides complete knowledge of blockchain activity to help organizations navigate the ecosystem safely and combat financial crime.

What you will do

• Lead product security for SaaS offerings, partnering with engineering teams on design and remediation.
• Own the Unified Security Review process for new product launches, vendor evaluations, and AI tooling.
• Drive the Security Engineering Risk Management Framework and SOC2 compliance across R&D.
• Manage the Vulnerability Disclosure Program and security bug reporting workflow.
• Provide security guardrails for internal AI platforms, LLM gateways, and coding agents.
• Participate in a shared on-call rotation for high-severity production security incidents.

Requirements

• 8+ years of application security engineering experience.
• Strong production coding ability in Java, TypeScript, Python, or Go.
• Experience building security automation into CI/CD pipelines.
• Hands-on penetration testing of production SaaS applications.
• Expertise in threat modeling, secure design reviews, and OWASP Top 10.
• Must be based in the United Kingdom.

Nice to have

• Experience in Web3, Blockchain, or Digital Assets.
• Experience building AI workflows, agents, and guardrailing.

Culture & Benefits

• Inclusive work environment committed to diversity of experience and thought.
• Global team culture with a focus on continuous learning.
• Accessibility support and accommodations provided during the interview process.