Senior Security Engineer, Application Security @ Blockchain.com

Senior Security Engineer, Application Security

Blockchain.com is the world\’s leading software platform for digital assets, powering the largest production blockchain platform globally. We are driven by a passion to code, create, and ultimately build an open, accessible, and fair financial future—one line of code at a time.

As we scale our platform to serve millions of people each day, we seek a Senior Application Security Engineer to join our dedicated security team.

At Blockchain.com, security is more than a set of policies—it\’s a core mindset. As we continue to innovate in the crypto space, you will tackle some of the most complex problems around securing a distributed financial platform. The Security team is responsible for guiding the design and implementation of secure systems across the company. Using a comprehensive range of tools and methodologies, we identify and mitigate security risks proactively, ensuring the protection of our users, stakeholders, and systems.

WHAT YOU WILL DO

• Collaborate with Engineering teams to define security requirements and conduct design assessments early in the development lifecycle.
• Perform in-depth code reviews throughout the product lifecycle and conduct penetration tests on both internal and externally-facing services.
• Develop, communicate, and enforce best practices for secure development and deployment of services.
• Continuously improve the Secure Software Development Lifecycle (SDLC) process, driving the adoption of the “Security by Design” principle.
• Create and integrate software and tooling to enforce secure baselines in software development, deployment, and release.
• Conduct security reviews of development processes and documentation, ensuring consistency with security standards.
• Design and implement security libraries and tooling for critical operations (e.g., data encryption, authentication, logging, access control, and input validation).
• Assist Engineering teams in implementing security fixes and develop proactive strategies to mitigate vulnerabilities in their code.

WHAT YOU WILL NEED

• Proven experience with secure software development practices, preferably in JVM-based languages such as Java and Kotlin.
• Demonstrated expertise in performing code reviews, developing secure coding standards, and building secure software across multiple types of projects.
• Significant experience working in highly regulated environments, with previous involvement in cryptocurrency-related projects being a strong plus.
• Strong knowledge of OWASP standards, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools. Familiarity with integrating these tools into CI/CD pipelines is highly desirable.
• Experience with security monitoring techniques and tools for detecting and mitigating threats, ensuring traceability across the stack.
• A strong appetite for learning and a dedication to applying best practices in every project.
• The ability to apply pragmatic solutions to complex security challenges.
• A commitment to integrity, transparency, and excellence in all aspects of work.

CERTIFICATIONS (preferred but not required):

• Certified Information Systems Security Professional (CISSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• AWS Certified Security – Specialty or similar cloud security certifications

COMPENSATION & PERKS

• Amazing and accessible office location in the heart of London.
• Unlimited vacation policy.
• Full-time salary based on experience and meaningful equity in an industry-leading company.
• London Benefits: Private Medical Insurance (BUPA), Dental, Pension, Life, Short Term & Long Term Disability
• The opportunity to be a key player and build your career at a rapidly expanding, global technology company in an emerging field

APPLICATION:

• Provide links to your GitHub, Stack Overflow, personal website, or blog (if applicable)

#J-18808-Ljbffr