About The Position

As Leader of Security Engineering, you will set the technical direction and execution for Keyrock’s security engineering program—building secure-by-design cloud foundations, developer "paved roads," and cryptographic/key-management controls appropriate for a high-availability trading environment. This is a hands-on leadership role. Deep knowledge of AWS and AWS Key Management Service (KMS)—including key policies, grants, cross-account patterns, and rotation—is essential.

Requirements

  • 8+ years in security engineering (cloud, platform, and/or product security), with 3+ years leading teams or leading org-wide technical programs.
  • Expert AWS security experience in production environments (multi-account, high availability).
  • Deep AWS KMS expertise: key policies, grants, rotation, and cross-account usage patterns.
  • Strong working knowledge of IAM, identity design, and least-privilege access controls in cloud environments.
  • Proven ability to build security automation (infrastructure-as-code, CI/CD integration, policy enforcement, developer enablement).
  • Clear communication skills: can write standards/runbooks and influence senior engineers and executives.

Nice To Haves

  • Experience in trading, fintech, crypto, or other 24x7 and/or low-latency production environments.
  • Experience building paved-road platforms (golden pipelines, secure templates, internal developer platforms).
  • Familiarity with cloud security tooling ecosystems (CSPM/CIEM, vulnerability management, SAST/DAST, secrets tooling).

Responsibilities

  • Lead and grow a high-performing security engineering team (cloud, platform, application security), setting roadmap, standards, and measurable outcomes.
  • Establish engineering patterns that balance speed and control (secure defaults, automation-first, self-service guardrails).
  • Own cloud security architecture for AWS: landing zone patterns, multi-account strategy, network segmentation, identity and access design, logging/telemetry baselines, and infrastructure hardening.
  • Build preventative controls using infrastructure-as-code and policy-as-code; drive adoption across engineering teams.
  • Own the enterprise encryption program in AWS, including KMS key policy design and governance (least privilege, separation of duties, break-glass, auditable admin/use roles).
  • Define safe grant usage patterns and operational best practices for AWS services and applications.
  • Own key lifecycle management: rotation strategy, aliasing/migration patterns, and recovery considerations.
  • Design cross-account and multi-account access patterns and controls aligned to Keyrock’s cloud operating model.
  • Embed security into the SDLC: threat modeling, secure coding guidance, code scanning, dependency controls, build-time checks, and release gates.
  • Partner with Platform Engineering to harden runtime environments (containers, Linux, CI/CD runners, secrets management, service-to-service authentication).
  • Partner with Security Operations to ensure engineering-driven outcomes: high-signal detections, incident response tooling readiness, forensic logging, and secure configurations that reduce blast radius.

Benefits

  • Work on security challenges unique to digital-asset liquidity and trading across venues.
  • Build durable security capabilities for a high-impact, high-availability business.