Senior Product Security Engineer (Web3)

TL;DR

Senior Product Security Engineer (Web3): Designing and operating secure development lifecycles for high-stakes financial products with an accent on threat modeling, automated security pipelines, and vulnerability remediation. Focus on architecting security for crypto-transaction flows, integrating AI-driven security tooling, and mentoring engineering teams to deliver secure code.

Location: Must be based in London, UK (4 days per week in-office)

Company

A leading global crypto company facilitating over $1 trillion in transactions and serving millions of users worldwide.

What you will do

• Operate and improve the secure development lifecycle, including SAST/SCA/DAST and CI/CD security automation.
• Lead threat modeling and architecture reviews for sensitive flows like authentication, payments, and custody.
• Research and embed AI utilities and LLM agents into the secure development lifecycle.
• Oversee technical triage for the Bug Bounty program and convert findings into architectural hardening projects.
• Perform deep-dive manual code reviews of security-sensitive Pull Requests in Java, Kotlin, and Python.
• Negotiate security debt remediation with Engineering and Product leadership using data-driven risk assessments.

Requirements

• 4+ years of total security engineering experience, with 3+ years in application/product security.
• Must be based in London and able to work from the office 4 days per week.
• Expert-level ability to audit and fix code in Kotlin, Java, TypeScript, and Python.
• Strong experience with security automation (CodeQL, Snyk) and containerized environments (Kubernetes).
• Proven track record in threat modeling for high-stakes financial systems.
• Excellent stakeholder management skills to negotiate security requirements with engineering leadership.

Nice to have

• Experience with fintech, trading, or OTC product security.
• Practical experience with AI-assisted security tooling or LLMs for patch generation.
• Advanced certifications such as OSCP, OSWE, or CISSP.
• Experience with smart contract security or on-chain/off-chain integration.

Culture & Benefits

• Meaningful equity in an industry-leading company.
• Unlimited vacation policy.
• Work from Anywhere policy (up to 20 days per year).
• ClassPass membership.
• Modern Apple equipment provided.
• Flexible work culture in a rapidly expanding global environment.