Job Description
Key Responsibilities
- Lead the identification and definition of security threat models for self-custodial wallet systems and DeFi products, incorporating advanced risk assessment methodologies to anticipate and mitigate potential vulnerabilities.
- Collaborate with product teams to develop comprehensive asset security policies tailored for institutional customers, ensuring alignment with regulatory requirements and enterprise security goals.
- Optimize the utilization of available asset protection measures, including smart contract security, centralized policy enforcement mechanisms, and decentralized identity verification protocols, to create a layered defense strategy.
- Design and implement security features using STOA encryption algorithms, with a focus on private key protection. This includes but is not limited to: Multi-sig wallet architectures, MPC SSS (Secret Sharing Scheme) for secure key distribution, and MPC TSS (Threshold Signature Scheme) for enhanced cryptographic resilience.
- Architect and deploy Trusted Execution Environment (TEE) solutions leveraging hardware and software confidential computing tools, ensuring secure execution of sensitive operations on mobile platforms, data centers, and cloud infrastructure.
- Conduct rigorous code reviews and coordinate with third-party audit firms to identify, prioritize, and remediate security vulnerabilities across all product lines, maintaining a proactive approach to threat detection and mitigation.
- Regularly organize and lead security strategy meetings to analyze emerging threats, share insights on industry developments, and report on the latest security challenges impacting self-custodial and DeFi products, fostering continuous improvement and innovation.
 
Job Requirements
- Proven expertise in security architecture design, with a strong background in blockchain security, cryptographic protocols, and decentralized finance (DeFi) ecosystems.
- Deep technical knowledge of encryption algorithms (e.g., STOA), secure key management systems, and zero-knowledge proof technologies to implement cutting-edge security solutions.
- Experience in developing and maintaining Trusted Execution Environments (TEE) using hardware-based security modules (HSMs) and software-defined confidential computing frameworks.
- Strong collaboration skills to work with product teams, compliance officers, and third-party auditors in creating holistic security strategies for institutional-grade DeFi platforms.
- Ability to analyze complex security challenges, translate them into technical requirements, and design scalable, secure systems that meet both functional and regulatory needs.
- Excellent communication skills to present security findings, risk assessments, and mitigation plans to technical and non-technical stakeholders in a clear and actionable manner.
- Proficiency in programming languages (e.g., Solidity, Python) and security tools for implementing, testing, and auditing cryptographic systems and smart contracts.
- Knowledge of industry standards such as ISO 27001, NIST Cybersecurity Framework, and GDPR to ensure compliance with global security and data protection regulations.
- Experience with secure development lifecycle (SDLC) practices, including threat modeling, code audits, and penetration testing, to build resilient systems from the ground up.
- Ability to stay updated with the latest advancements in blockchain security, DeFi protocols, and confidential computing technologies to maintain a competitive edge in the field.
 


