Remote Senior Security Engineer, Application Security

Description:

• Turnkey builds secure, developer-first infrastructure for private key management, enabling the creation of wallets, signing transactions, and automating on-chain actions through a single API without exposing sensitive key material.
• The mission is to secure the open internet by making strong cryptography and key management the default.
• Founded by the team behind Coinbase Custody, Turnkey has helped protect over $100B in crypto across the industry.
• The team has over 100 years of combined experience in cryptography, security, and low-level systems, focusing on building reliable infrastructure at scale.
• The Senior Application Security Engineer will ensure that systems, pipelines, and runtime environments are secure by design and resilient at scale.
• The role involves embedding directly with product and infrastructure engineering teams to integrate security into every aspect of the architecture.
• Responsibilities include participating in implementation efforts, conducting security reviews, assisting with product design decisions, auditing vulnerabilities, conducting threat modeling, developing automated tooling, defining application guardrails, investigating security issues, and embedding a culture of secure development across engineering.

Requirements:

• A Bachelor's degree in Computer Science, Engineering, or a related field is required.
• A minimum of 5 years of experience in application or product security, preferably in fast-moving, high-impact, or crypto-native environments is necessary.
• A strong understanding of web, mobile, and cryptographic security fundamentals, including OWASP Top Ten and SANS/CWE Top 25, is essential.
• Proficiency in programming and scripting languages such as Typescript/Javascript, Go, and Rust, along with experience in building secure systems from the code up, is required.
• Hands-on experience with security testing tools and methodologies, including static/dynamic analysis and penetration testing, is needed.
• A strong understanding of cloud, containerized, and runtime environments (AWS, GCP, Docker, Kubernetes) is necessary, with the ability to embed security early in the SDLC.
• Excellent analytical, problem-solving, and communication skills are required, along with a collaborative mindset for partnering across product and infrastructure teams.
• Candidates should be curious, proactive, and passionate about building secure, reliable systems in a fast-moving startup environment.
• A builder mentality is essential, with comfort in operating with ambiguity and tackling incomplete systems.

Benefits:

• The position offers full benefits, including medical, dental, vision, life, disability, HSA/FSA, and 401(k), with a detailed benefits overview available later in the process.
• Paid parental leave is provided.
• Unlimited PTO is offered, with encouragement to take time off.
• A $3,000 per year learning and development budget is available for attending industry conferences.
• Multiple team offsites are organized each year.
• A Macbook Pro laptop is provided for work purposes.
• A lunch stipend is available for employees physically present in the New York City office.