Job Description
As a Security Engineering Architect, you will play a pivotal role in designing and implementing robust security frameworks for self-custodial wallets and related DeFi products. This position requires a deep understanding of cryptographic protocols, secure system architecture, and risk management strategies to ensure the highest level of protection for digital assets. You will collaborate closely with cross-functional teams to align security solutions with business objectives while maintaining compliance with industry standards and regulations.
Key Responsibilities
- Lead the identification and definition of security threat models for self-custodial wallet systems and DeFi products, incorporating advanced risk assessment methodologies to anticipate and mitigate potential vulnerabilities.
- Collaborate with product teams to develop comprehensive asset security policies tailored for institutional customers, ensuring alignment with regulatory requirements and enterprise security goals.
- Optimize the utilization of available asset protection measures, including smart contract security, centralized policy enforcement mechanisms, and decentralized identity verification protocols, to create a layered defense strategy.
- Design and implement security features using STOA encryption algorithms, with a focus on private key protection. This includes, but is not limited to, multi-sig wallet architectures, MPC SSS (Secret Sharing Scheme) for secure key distribution, and MPC TSS (Threshold Signature Scheme) for enhanced cryptographic resilience.
- Architect and deploy Trusted Execution Environment (TEE) solutions leveraging hardware and software confidential computing tools, ensuring secure execution of sensitive operations on mobile platforms, data centers, and cloud infrastructure.
- Conduct rigorous code reviews and coordinate with third-party audit firms to identify, prioritize, and remediate security vulnerabilities across all product lines, maintaining a proactive approach to threat detection and mitigation.
- Regularly organize and lead security strategy meetings to analyze emerging threats, share insights on industry developments, and report on the latest security challenges impacting self-custodial and DeFi products, fostering continuous improvement and innovation.
Job Requirements
- Proven expertise in security architecture design, with a strong background in blockchain security, cryptographic protocols, and decentralized finance (DeFi) ecosystems.
- Deep technical knowledge of encryption algorithms (e.g., STOA), secure key management systems, and zero-knowledge proof technologies to implement cutting-edge security solutions.
- Experience in developing and maintaining Trusted Execution Environments (TEE) using hardware-based security modules (HSMs) and software-defined confidential computing frameworks.
- Strong collaboration skills to work with product teams, compliance officers, and third-party auditors in creating holistic security strategies for institutional-grade DeFi platforms.
- Ability to analyze complex security challenges, translate them into technical requirements, and design scalable, secure systems that meet both functional and regulatory needs.
- Excellent communication skills to present security findings, risk assessments, and mitigation plans to technical and non-technical stakeholders in a clear and actionable manner.
- Proficiency in programming languages (e.g., Solidity, Python) and security tools for implementing, testing, and auditing cryptographic systems and smart contracts.
- Knowledge of industry standards such as ISO 27001, NIST Cybersecurity Framework, and GDPR to ensure compliance with global security and data protection regulations.
- Experience with secure development lifecycle (SDLC) practices, including threat modeling, code audits, and penetration testing, to build resilient systems from the ground up.
- Ability to stay updated with the latest advancements in blockchain security, DeFi protocols, and confidential computing technologies to maintain a competitive edge in the field.