Senior Application Security Engineer: Forge the Future of Crypto Security
At Turnkey, we're not just building software; we're securing the open internet by making strong cryptography and key management the default. We empower developers with secure, developer-first infrastructure for private key management, simplifying wallet creation, transaction signing, and on-chain automation through one elegant API – all without ever exposing sensitive key material.
Our foundation is built on deep expertise. Turnkey was founded by the team behind Coinbase Custody, the world’s largest and most secure crypto custodian, whose pioneering work has safeguarded over $100B in crypto assets across the industry. Our team is characterized by a low-ego, high-agency, and high-autonomy culture, boasting more than 100 years of combined experience in cryptography, security, and low-level systems, committed to building reliable infrastructure used at scale.
The Opportunity: Secure Our Core Foundation
We are seeking a **Senior Application Security Engineer** to join Turnkey's mission-critical team. This is a chance to embed deeply with our product and infrastructure engineering teams, ensuring our systems, pipelines, and runtime environments are **secure by design and resilient at scale.**
This is a hands-on, builder role ideal for a professional who thrives on shaping how security is integrated into every aspect of our architecture, building robust and secure systems from the ground up.
Your Impact & Responsibilities **Lead Security Integration:** Partner deeply with Product and Engineering teams, participating directly in implementation efforts, conducting security reviews, and shaping product design decisions to ensure security is foundational. Who You Are Bachelor’s degree in Computer Science, Engineering, or a related field. Bonus Points If You Have Familiarity with crypto or DeFi systems and their unique security challenges. Why Join Turnkey? Our Commitment to You **Comprehensive Benefits:** Full coverage including medical, dental, vision, life, disability, HSA/FSA, and 401(k).
You won't just find vulnerabilities; you'll prevent them, building security into the very fabric of our innovation. You will partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely:
**Proactive Vulnerability Management:** Conduct comprehensive threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions. You will also proactively audit and surface vulnerabilities in our current products.
**Drive Automation & Developer Enablement:** Develop and enhance our automated tooling to scale our product security capabilities, identifying potential code problems both before and after deployment. Work on defining and building application guardrails to make the "safe way the easy way," empowering developers to build securely by default.
**Incident Response & Remediation:** Investigate and resolve security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence.
**Cultivate a Security-First Culture:** Champion secure development practices and define standards that influence how Turnkey builds, deploys, and maintains systems at scale, embedding a pervasive culture of security across engineering.
You're a seasoned security professional with a passion for building robust, high-integrity systems in a dynamic environment:
5+ years of experience in application or product security, ideally in fast-moving, high-impact, or crypto-native environments.
Strong understanding of web, mobile, and cryptographic security fundamentals (e.g., OWASP Top Ten, SANS/CWE Top 25).
Proficiency in programming and scripting languages such as **Typescript/Javascript, Go, and Rust**, with proven experience building secure systems from the code up.
Hands-on experience with security testing tools and methodologies (static/dynamic analysis, penetration testing, etc.).
Strong understanding of cloud, containerized, and runtime environments (e.g., **AWS, GCP, Docker, Kubernetes**), with the ability to embed security early in the SDLC.
Excellent analytical, problem-solving, and communication skills, with a collaborative mindset for partnering across product and infrastructure teams.
Curious, proactive, and passionate about building secure, reliable systems in a fast-moving startup environment.
A true builder mentality; comfortable operating with ambiguity, tackling incomplete systems, and applying hands-on engineering experience to complex security challenges.
Familiarity with threat modeling frameworks and cloud-native security tooling.
At Turnkey, we believe in supporting our team members with a comprehensive benefits package and a culture that fosters growth and well-being:
Paid parental leave.
**Truly Unlimited PTO** (and we actively encourage you to take time off!).
**Generous Learning & Development Budget:** $3,000/year to attend industry conferences and further your skills.
Multiple team offsites per year.
Top-tier equipment: Macbook Pro laptop.
Lunch stipend (for those physically in the New York City office).