Staff Security Engineer at Paxos

<p style="min-height:1.5em"><strong>About Paxos </strong></p><p style="min-height:1.5em">Today’s financial infrastructure is archaic, expensive, inefficient and risky — supporting a system that leaves out more people than it lets in. So we’re rebuilding it.</p><p style="min-height:1.5em">We’re on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way. For over a decade, we’ve built blockchain infrastructure that tokenizes, custodies, trades and settles assets for the world’s leading financial institutions, like Mastercard, Visa, Robinhood, and PayPal. </p><p style="min-height:1.5em"><strong>About the team</strong></p><p style="min-height:1.5em">The Security team is a specialized, deeply technical, and vigilant group tasked with protecting our digital assets, customer funds, and sensitive data against a sophisticated threat landscape. The team has many pillars, such as Application and Blockchain Security, Cloud Security, Security Operations, GRC, and IT.</p><p style="min-height:1.5em"><strong>About the role </strong></p><p style="min-height:1.5em">As a Staff Security Engineer at Paxos, you will play a pivotal role in designing, building, and securing products, infrastructure, and operational flows. You will leverage your expertise in security principles, threat modeling, cloud security, distributed systems, cryptography, and modern software development practices to ensure the security of our platform.</p><p style="min-height:1.5em"><strong>What you’ll do </strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em"><strong>Implement Next-Gen Defenses:</strong> Lead the design and implementation of secure infrastructure application architecture, and standards. You will influence the security of our systems, including hot/cold signing services, distributed systems in Kubernetes, network controls, blockchain &amp; asset bridges, etc.</p></li><li><p style="min-height:1.5em"><strong>Drive the Secure SDLC:</strong> Embed security into the development lifecycle. You won't just audit code; you will build the pave-the-road tooling and CI/CD guardrails that make it easy for developers to ship secure code by default.</p></li><li><p style="min-height:1.5em"><strong>Threat Modeling &amp; Risk:</strong> Conduct deep-dive threat modeling sessions for new products (e.g., new chain integrations, bridge architecture, etc.). You will identify issues and economic attack vectors that automated tools miss.</p></li><li><p style="min-height:1.5em"><strong>Incident Response Leadership:</strong> Serve as an Incident Commander during high-severity security events. You will refine our IR playbooks, lead war games/tabletop exercises, and ensure we can detect and neutralize threats in seconds, not days.</p></li><li><p style="min-height:1.5em"><strong>Cryptography &amp; Key Management: </strong>Oversee the lifecycle of cryptographic material. You will ensure our use of HSMs (Hardware S