Senior Corporate Security Enginee
About Turnkey
At Turnkey, we're on a mission to secure the open internet by making strong cryptography and key management the default. We build cutting-edge, developer-first infrastructure for private key management, enabling seamless wallet creation, transaction signing, and automated on-chain actions through one elegant API – all without ever exposing sensitive key material.
Founded by the pioneering team behind Coinbase Custody, the world's largest and most secure crypto custodian, our work has been instrumental in safeguarding over $100B in crypto assets across the industry. Our team boasts more than 100 years of combined experience in cryptography, security, and low-level systems, fostering a culture that is low-ego, high-agency, and highly autonomous, dedicated to building reliable, at-scale infrastructure.
The Opportunity: Pioneer Corporate Security at Turnkey
We are seeking a **Senior Corporate Security Engineer** to architect, own, and scale the corporate security posture at Turnkey. This is a foundational, greenfield opportunity: you will be our very first dedicated corporate security hire, working directly with the security lead to build enterprise security capabilities from the ground up.
You will be the guardian of Turnkey’s people, endpoints, SaaS applications, identity systems, and internal infrastructure. Your expertise will secure our distributed workforce, enabling our team to innovate rapidly without ever compromising on safety. This pivotal role sits at the intersection of security engineering, IT operations, and risk management, where you will design and build robust, user-friendly security controls that ensure Turnkey remains secure as we accelerate our growth.
What You'll Drive
Architect & Secure Corporate Infrastructure: Design, implement, and manage security for endpoints and distributed systems. Lead Security Initiatives & Risk Reduction: Lead critical initiatives focused on endpoint hardening, access controls, and comprehensive vendor risk management. Enhance Detection, Response & Automation: Respond to security incidents with urgency, precision, and deep technical expertise. Cultivate a Security-First Culture & Education: Champion security best practices and build impactful awareness programs. What We're Looking Fo 5+ years of hands-on experience in corporate security, enterprise security, IT security, or endpoint security engineering. MDM Platforms (JAMF, Kandji, Intune, or similar). Solid cloud security experience (AWS, GCP). Bonus Points Experience within the Crypto/Web3 or FinTech industries. What We Offe Comprehensive benefits package, including medical, dental, vision, life, disability, HSA/FSA, and 401(k).
Deploy and operate our comprehensive security stack, including MDM, EDR/XDR, ZTNA, and SSO.
Enforce zero-trust principles, least-privilege access, and industry-leading hardening standards.
Conduct thorough security design reviews, risk assessments, and vulnerability remediation efforts.
Develop, implement, and enforce robust security policies and best practices across the organization.
Collaborate on the development of detection rules, alerts, and continuous monitoring strategies.
Automate security workflows and create comprehensive runbooks and playbooks to scale security operations efficiently.
Partner with teams across the organization to embed "secure by default" principles into all workflows.
Serve as a trusted security advisor, guiding and educating colleagues on the importance of security.
Proven, hands-on expertise with:
EDR/XDR solutions (Crowdstrike, SentinelOne, Microsoft Defender, etc.).
Identity and Access Management (Okta, Azure AD/Entra ID, etc.).
Authentication Protocols (SAML, OAuth, OIDC, SCIM, etc.).
Zero-trust principles (device trust, conditional access, least-privilege models).
Deep macOS security expertise, including architecture, hardening, and fleet management.
A security-first mindset coupled with practical knowledge of defense-in-depth and risk-based security methodologies.
Demonstrable detection/response experience: SIEM, log analysis, threat hunting, or SOC operations.
Up-to-date knowledge of the modern threat landscape, including adversary TTPs, phishing, and insider threats.
Familiarity with security compliance frameworks such as SOC 2, ISO 27001, or similar.
Generous paid parental leave.
Unlimited PTO (and we actively encourage you to take time off!).
$3,000 annual learning and development budget to support your growth and conference attendance.
Multiple team offsites per year for collaboration and connection.
State-of-the-art Macbook Pro laptop.
Lunch stipend for those working from our New York City office.