At a Glance
- Tasks: Lead product security for our SaaS platform, ensuring safety through design and hands-on testing.
- Company: Join Chainalysis, a leader in securing financial crime investigations for governments and banks.
- Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
- Other info: Dynamic team environment with a focus on innovation and career advancement.
- Why this job: Make a real impact on security in the fast-paced world of crypto and AI.
- Qualifications: 8+ years in application security with strong coding skills in Java or similar languages.
The predicted salary is between 80000 - 100000 € per year.
About the Team
Product Security at Chainalysis keeps our SaaS platform — used by governments, banks, and crypto exchanges to investigate financial crime — secure by design. We partner directly with product and platform engineering on threat modeling, design reviews, penetration testing, and remediation of findings across our AWS and Kubernetes estate.
In this role, you’ll:
- Lead Product Security across Chainalysis' SaaS offerings, partnering with product and platform engineering teams on design, code, and remediation.
- Own the Unified Security Review process for new product launches, vendor evaluations, and AI tooling, including custom penetration tests scoped to each review.
- Drive the Security Engineering Risk Management Framework for consistent risk classification and remediation tracking across product.
- Lead the Vulnerability Disclosure Program and security bug reporting workflow, from researcher intake through fix.
- Drive SOC2 and compliance‑related security remediation across product engineering, partnering with R&D leads on architectural fixes.
- Provide security review and guardrails for internal AI platforms and coding agents (LLM gateways, prompt/response controls, agent permissioning).
- Participate in a shared on‑call rotation for high‑severity production security incidents.
We’re looking for candidates who have:
- 8+ years of application security engineering experience.
- Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go — enough to perform deep code review, write proof‑of‑concept exploits, and contribute fixes directly into product repos.
- Experience building security automation into CI/CD pipelines.
- Hands‑on experience penetration testing production SaaS applications, including custom tests scoped to new product launches.
- Experience with threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC.
- Experience identifying and remediating common web application vulnerabilities (OWASP Top 10).
- Experience securing internal AI/LLM platforms and coding agents (model gateways, prompt/response controls, agent permissioning).
Nice-to-have experience:
- Experience in Web3, Blockchain or Digital Assets.
- Experience building AI workflows, agents, and guardrailing.
Technologies we use:
- Cloud and containers: AWS, GCP, Kubernetes (EKS/GKE).
- Infrastructure‑as‑Code: Terraform.
- Security tooling: Wiz, SonarCloud, Burp, Cloudflare.
- CI/CD and source control: GitHub, GitHub Actions, Artifactory and related build/deploy tooling.
- Languages and scripting: Java, JavaScript, Python, Go.
- AI Coding Agents, Tooling, Systems.
Staff Security Engineer, Product Security in London. Employer: Chainalysis Inc.
Chainalysis is an exceptional employer that fosters a collaborative and innovative work culture, where your contributions directly impact the security of our cutting-edge SaaS platform. With a strong emphasis on employee growth, we offer opportunities for professional development through hands-on projects and leadership roles in product security, all while working in a dynamic environment that values creativity and teamwork. Located in a vibrant tech hub, our team enjoys a flexible work-life balance and access to the latest technologies, making it an ideal place for passionate security engineers to thrive.
StudySmarter Expert Advice 🤫
We think this is how you could land the Staff Security Engineer, Product Security role in London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to security engineering. This gives potential employers a taste of what you can do beyond just a CV.
✨Tip Number 3
Prepare for interviews by brushing up on common security scenarios and coding challenges. Practice explaining your thought process clearly, as communication is key in technical roles like this one.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are genuinely interested in joining our team.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the skills and experiences that align with the Staff Security Engineer role. Highlight your application security engineering experience and any relevant coding abilities in Java, TypeScript, or Python.
Craft a Compelling Cover Letter: Use your cover letter to tell us why you're passionate about product security. Share specific examples of your hands-on penetration testing or threat modelling experience to show how you can contribute to our team.
Showcase Your Technical Skills: Don’t forget to mention your experience with security automation, CI/CD pipelines, and any tools you've used like Terraform or Burp. We want to see how you can bring your technical expertise to our SaaS platform.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining our team!
How to prepare for a job interview at Chainalysis Inc.
✨Know Your Stuff
Make sure you brush up on your application security engineering knowledge, especially around the OWASP Top 10 vulnerabilities. Be ready to discuss your hands-on experience with penetration testing and how you've tackled security issues in production SaaS applications.
✨Show Off Your Coding Skills
Since coding is a big part of this role, be prepared to demonstrate your proficiency in Java, TypeScript, Python, or Go. You might be asked to perform a code review or even write a proof-of-concept exploit, so practice coding challenges related to security.
✨Understand the Tools
Familiarise yourself with the technologies mentioned in the job description, like AWS, Kubernetes, and Terraform. If you have experience with security tools like Wiz or Burp, be ready to share specific examples of how you've used them in past projects.
✨Prepare for Scenario Questions
Expect scenario-based questions where you'll need to explain how you'd handle security incidents or lead a vulnerability disclosure program. Think through your past experiences and be ready to articulate your thought process and decision-making.