Security Engineer, Institutional Trading

What You Will Do

• Partner with Trading, Middle Office and Quant (Institutional FinOps) teams to map out inventory trading systems, data flows, third‑party integrations and custody/settlement touchpoints.
• Conduct deep‑dive assessments mapping critical assets and workflows to identify structural vulnerabilities.
• Define the Target State and draft strategic Risk Treatment Plans (RTP) required to meet institutional‑grade standards (e.g., CCSS, NIST, DORA).
• Act as the primary security liaison for Senior Management and third‑party vendors.
• Translate complex technical gaps into actionable business risk summaries, drive vendor evaluations for core security infrastructure, and manage the project lifecycle for high‑impact posture uplifts.
• Implement and maintain monitoring for FinOps‑specific security signals such as abnormal order patterns, signature misuse, unusual settlements.
• Integrate these signals into SIEM/SOAR for real‑time response.
• Support secrets and key‑management hygiene.
• Ensure app/service keys are stored in KMS/Vault, scoped to least privilege and rotated automatically to prevent credential leakage.
• Assist product security in triage of SAST/SCA findings for FinOps‑related repositories.
• Help implement CI checks and remediation playbooks.
• Participate in incident exercises, post‑incident reviews and remediation tracking for trading incidents.
• Document controls and produce concise risk summaries for FinOps leads and Security.

What You Will Need

• 5+ years in security engineering, platform security, or application security experience.
• Proven expertise in Threat Modeling.
• Ability to perform structured reviews (e.g., STRIDE) of complex data flows and operational processes.
• Experience with observability and detection tooling (SIEM, logs, metrics) and ability to write basic detection rules.
• Practical experience with KMS/HSM, secrets management platforms (Vault, 1Password, AWS/GCP KMS), IAM patterns and least‑privilege.
• Exceptional ability to translate 'Technical Debt' into Business Risk for C‑suite stakeholders (CFO, CTO, Head of Trading).
• Ability to raise, read and audit Pull Requests in at least one language used in our stack (TypeScript, Java/Kotlin, Python).
• Experience conducting technical due diligence and scoping for third‑party security integrations.

Nice to Have

• Familiarity with trading systems or financial operations (market‑making, execution, settlement) or close collaboration background with trading/quant teams.
• Exposure to blockchain on‑chain concepts (wallets, addresses, transactions) but no requirement to audit contracts.
• Familiarity with SOC operations, and post‑incident forensic analysis.
• Familiarity with SOC2, ISO 27001, or financial audit requirements.
• Any relevant industry certification.

Compensation & Perks

• Full‑time salary based on experience and meaningful equity in an industry‑leading company.
• Role based in London office, with a mandatory in‑office presence four days per week.
• Work from Anywhere Policy: Remotely from anywhere in the world for up to 20 days per year.
• ClassPass.
• Unlimited vacation policy.
• Apple equipment.
• The opportunity to be a key player and build your career at a rapidly expanding, global technology company in an emerging field.
• Flexible work culture.

Blockchain is committed to diversity and inclusion in the workplace and is proud to be an equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, religion, color, national origin, gender, gender expression, sex, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, and apprenticeship. Blockchain makes hiring decisions based solely on qualifications, merit, and business needs at the time.