Principal Security Engineer – Crypto Custody & Assurance

A client of mine is looking for a strong, curious, and technically hands-on security engineer who can work across Security Assurance, Crypto Custody Security, and to a lesser extent Security Engineering. This is a role for someone who thinks deeply, questions assumptions, and understands security fundamentals at a level where they can learn new domains quickly.

The hiring manager is not looking for someone “perfect” in every area. Critical thinking, fundamentals, and the ability to reason through ambiguous or complex security problems matter far more than ticking boxes.

What the Role Involves

Security Assurance (Top Priority)

This role has a large focus on traditional cybersecurity assurance work, validating that the engineering teams and systems are operating securely, and proving (or disproving) assumptions. This includes:

• Application & product security
• Cloud and container security
• Running SAST, SCA, IaC scanning, and cloud security tooling
• Reviewing code, pipelines, and configurations
• Finding weaknesses in assumptions and proving where controls don’t behave as expected
• Strengthening secure development practices and SDLC guardrails

Crypto Custody Security (Top Priority)

The second major focus area is custody security, specifically around digital asset workflows and high-value financial operations.

Experience that’s valuable here includes:

• Working in crypto exchanges, custody platforms, or digital asset fintechs
• Understanding how digital asset movement works
• Securing wallet operations and custody workflows
• Designing or validating controls around the movement of crypto and financial assets

Someone who understands digital asset ecosystems or is excited to learn them will thrive in this part of the role.

Security Engineering (Secondary)

This is not the core of the role, but there will be opportunities to contribute to:

• Identity, authentication, and authorization systems
• Security tooling, internal services, and paved roads
• Automation that supports engineering teams

The hiring manager is happy to teach or develop this area if the fundamentals and mindset are strong.

Incident Response (Nice to Have)

IR experience is beneficial but not essential.
On-call is required for certain high-value systems, so the ability to stay calm, think clearly, and follow structured processes under pressure is what matters most.

What the Hiring Manager Is Really Looking For:

This role is fundamentally about:

• Critical thinking
• Questioning assumptions
• Understanding systems deeply
• Being willing to learn and adapt
• Strong foundational security knowledge
• Breaking ideas down logically and rebuilding them securely

The ideal candidate will naturally ask:

Why does this system work this way?
What assumptions are being made?
What happens if those assumptions fail?
What are alternative approaches?

This thinking style matters more than domain completeness.

Team Fit

The team is relatively junior, so the right person will:

• Enjoy mentoring and guiding others
• Bring experience from a more mature security environment
• Help establish good practices and processes
• Be willing to get hands-on and handle the “dirty work” of maturing systems
• Stay flexible across a broad remit

This role suits someone motivated by impact, ownership, and improving the security posture of an evolving environment.

Operating hybrid out of New York and there is flexibility on what this looks like.

$500k-$600k cash TC + stock