Location: New York or Remote   |   Full-Time
Company: Privy is an identity and fintech infrastructure startup building a wallet and digital asset API for companies using blockchain and distributed systems, backed by $40M from Ribbit & Sequoia. We power digital ownership for millions of users (>5M MAU) with a focus on privacy and user control through modern cryptography (key sharding, TEEs). Security is core to our mission and product.

Role: As a Security Engineer at Privy, you will play a critical role in ensuring the security of our platform, infrastructure, and products handling sensitive user data and assets. You will work across engineering teams to implement security best practices, conduct security reviews, respond to threats, and build secure systems from the ground up.

Responsibilities:
*   Conduct security architecture reviews, threat modeling, and code reviews.
*   Develop and implement security controls across our cloud infrastructure (AWS/GCP) and applications.
*   Build security tooling and automation to detect and prevent vulnerabilities.
*   Respond to security incidents and conduct forensic analysis.
*   Manage vulnerability scanning, penetration testing, and bug bounty programs.
*   Stay informed about the latest security threats, particularly in the blockchain and cryptography space.
*   Promote a culture of security awareness throughout the engineering organization.
*   Contribute to security audits and compliance efforts (e.g., SOC2).

Ideal Candidate:
*   Proven experience in application security (AppSec) and/or infrastructure security (CloudSec).
*   Strong understanding of web application vulnerabilities (OWASP Top 10) and mitigation techniques.
*   Experience with security tooling (SAST, DAST, SCA, WAF).
*   Knowledge of cloud security best practices (AWS/GCP).
*   Familiarity with cryptography concepts (PKI, key management, HSMs, TEEs is a plus).
*   Experience with incident response and security monitoring.
*   Interest or experience in blockchain security is highly desirable.
*   Scripting/coding skills (e.g., Python, Go) for automation.
*   Based in NYC or willing to work remotely.

Benefits: Competitive salary/equity, 100% health coverage, 401(k), remote flexibility, NYC office option, PTO, parental leave, WFH stipend, team events.
Post Date: April 17, 2025