Head of Security Engineering (AWS/KMS)

Keyrock

Full-time On-site
Brussels
Competitive
Security Engineer

Job Description

Lead Security Engineering

Are you a visionary Security Engineering leader ready to fortify the foundations of a pioneering digital asset firm? Keyrock is seeking a hands-on technical leader to architect and execute our security engineering program, ensuring the highest standards of security for our high-availability trading environment.

About Keyrock: Building the Future of Digital Assets
Since our inception in 2017, Keyrock has rapidly become a leading innovator in the digital asset space. We're renowned for our strategic partnerships, cutting-edge technology, and unwavering commitment to progress.
Today, our vibrant team comprises over 180 talented individuals from 42 nationalities, ranging from DeFi natives to PhDs. We thrive in a predominantly remote environment, complemented by dynamic hubs in London, Brussels, Singapore, and Paris. We foster a tight-knit community with regular online and offline gatherings.
Operating on more than 80 exchanges and collaborating with a diverse array of asset issuers, our distinctive expertise in market making has fueled rapid expansion. Our services now encompass market making, options trading, high-frequency trading (HFT), OTC, and DeFi trading desks.
But we’re more than a service provider: we are architects of change. We pioneered the adoption of the Rust programming language for algorithmic trading and championed its use across the industry. We nurture Web3 startups through our Accelerator Program, inject vital liquidity into promising DeFi, RWA, and NFT protocols, and push the industry forward with our insightful research and governance initiatives.
At Keyrock, we’re not just imagining the future of digital assets; we're actively building it.

The Opportunity: Lead Security Engineering
As our Lead of Security Engineering, you will be at the forefront of securing Keyrock’s critical infrastructure. This is a pivotal, hands-on leadership role where you will define the technical direction and drive the execution of our security engineering program. You will be responsible for building secure-by-design cloud foundations, developing seamless "paved roads" for developers, and implementing robust cryptographic and key-management controls essential for a high-availability trading environment.
Deep expertise in AWS and specifically AWS Key Management Service (KMS)—including key policies, grants, cross-account patterns, and rotation—is absolutely essential for this role.

What You'll Be Doing (Your Impact)

Security Engineering Leadership

Lead, mentor, and grow a high-performing security engineering team across cloud, platform, and application security domains.
Define the team's roadmap, establish security standards, and drive measurable outcomes.
Architect engineering patterns that expertly balance development speed with stringent security controls through secure defaults, automation-first approaches, and self-service guardrails.

AWS Cloud Security Architecture

Own and evolve the cloud security architecture for AWS, including landing zone patterns, multi-account strategies, sophisticated network segmentation, robust identity and access management (IAM) design, comprehensive logging/telemetry baselines, and infrastructure hardening.
Develop and implement preventative controls using infrastructure-as-code (IaC) and policy-as-code (PaC), driving their widespread adoption across all engineering teams.

Encryption and Key Management (KMS is Core)

Be the architect and guardian of our enterprise encryption program in AWS. This includes designing and governing KMS key policies (least privilege, separation of duties, break-glass procedures, auditable admin/use roles).
Define secure grant usage patterns and establish operational best practices for both AWS services and our internal applications.
Own the complete key lifecycle management process: rotation strategies, aliasing/migration patterns, and robust recovery considerations.
Design secure cross-account and multi-account access patterns and controls, ensuring alignment with Keyrock’s sophisticated cloud operating model.

Secure SDLC and Product Security

Embed security seamlessly into every stage of the Software Development Life Cycle (SDLC):

Conduct thorough threat modeling.
Provide secure coding guidance.
Implement automated code scanning and dependency controls.
Enforce build-time security checks and release gates.

Partner closely with Platform Engineering to harden runtime environments, including containers, Linux, CI/CD runners, secrets management, and service-to-service authentication.

Operational Partnership (Collaboration, Not Ownership)

Collaborate with our Security Operations team to ensure engineering-driven outcomes, focusing on high-signal detections, incident response tooling readiness, forensic logging capabilities, and secure configurations that minimize blast radius.

What You'll Bring (Your Expertise)

The Essentials (Must-Haves)

8+ years of dedicated experience in security engineering (cloud, platform, and/or product security), with a minimum of 3 years leading teams or spearheading organization-wide technical security programs.
Expert-level AWS security experience in production environments, specifically within multi-account, high-availability setups.
Deep, hands-on AWS KMS expertise: designing and implementing key policies, managing grants, developing rotation strategies, and handling complex cross-account usage patterns.
Strong working knowledge of IAM, identity design, and the implementation of least-privilege access controls in dynamic cloud environments.
Proven ability to build robust security automation solutions, including infrastructure-as-code, CI/CD integration, policy enforcement, and developer enablement tools.
Exceptional communication skills: ability to clearly articulate complex security concepts, write comprehensive standards and runbooks, and influence senior engineers and executives effectively.

Bonus Points (Nice-to-Haves)

Experience within trading, fintech, crypto, or other 24x7 and/or low-latency production environments.
Track record of building "paved-road" platforms, such as golden pipelines, secure templates, or internal developer platforms.
Familiarity with the broader cloud security tooling ecosystem (CSPM/CIEM, vulnerability management, SAST/DAST, secrets management solutions).

Why Join Keyrock?

Impact the Future: Work at the bleeding edge of digital asset liquidity and trading, tackling unique and complex security challenges that are critical to our global operations.
Build Lasting Systems: Design and implement durable security capabilities for a high-impact, high-availability business where your contributions directly influence our success.
Innovative Culture: Be part of a diverse, remote-friendly team that is pioneering technologies like Rust and actively shaping the Web3 ecosystem.
Growth and Development: Thrive in an environment that values curiosity, innovation, and continuous learning, with opportunities to lead and make a significant technical impact.