Security Application Engineer at BitGo Inc.

<div class="content-intro"><p>BitGo is the leading infrastructure provider of digital asset solutions, delivering custody, wallets, staking, trading, financing, and settlement services from regulated cold storage. Since our founding in 2013, we have focused on enabling our clients to securely navigate the digital asset space. With a global presence and multiple Trust companies, BitGo serves thousands of institutions, including many of the industry's top brands, exchanges, and platforms, and millions of retail investors worldwide. As the operational backbone of the digital economy, BitGo handles a significant portion of Bitcoin network transactions and is the largest independent digital asset custodian, and staking provider, in the world. For more information, visit <a class="c-link" href="http://www.bitgo.com/" target="_blank" data-stringify-link="http://www.bitgo.com" data-sk="tooltip_parent">www.bitgo.com</a>.</p></div><p><em>This role will require being full-time onsite at our Palo Alto office to support collaborative team dynamics and innovative problem-solving.</em></p> <p>We are seeking a Senior Application Security Engineer to lead the technical execution of our product security strategy. This role focuses on securing high-growth FinTech and Web3 digital asset platforms by building end-to-end security programs and integrating automated security controls directly into the software development lifecycle. The ideal candidate has a deep engineering background, hands-on experience defending complex cloud environments, and a passion for securing blockchain-adjacent technologies.</p> <h3><strong>Key Responsibilities:</strong></h3> <ul> <li>Lead comprehensive threat modeling and product security architecture reviews in collaboration with cross-functional teams.</li> <li>Integrate security automation into CI/CD pipelines utilizing SAST, DAST, and continuous vulnerability management tools.</li> <li>Architect and implement secure-by-default cloud infrastructure on AWS using Terraform and Kubernetes.</li> <li>Design and deploy robust encryption services, key management systems (KMS), and advanced data protection controls across distributed environments.</li> <li>Oversee operational security initiatives including corporate bug bounty programs, incident response workflows, and regular penetration testing engagements.</li> <li>Secure next-generation AI-integrated applications by establishing input/output validation protocols and LLM guardrails.</li> <li>Engineer proactive defenses to safeguard platform infrastructure against sophisticated adversaries and nation-state-level threats.</li> </ul> <h3><strong>Qualifications:</strong></h3> <ul> <li>8+ years of expe