Staff Security Engineer, Product Security

Job Overview

Location: United Kingdom

Job Type: Full-time

Category: Software Engineering

Date Posted: May 22, 2026

Full Job Description

📋 Description

  • Lead product security initiatives across Chainalysis’ SaaS platform, partnering directly with product and platform engineering teams on secure design, code reviews, and remediation of vulnerabilities
  • Own and execute the Unified Security Review process for all new product launches, vendor evaluations, and AI tooling deployments, including custom penetration tests tailored to each scope
  • Drive the Security Engineering Risk Management Framework to standardize risk classification, prioritization, and remediation tracking across all product engineering teams
  • Lead the Vulnerability Disclosure Program, managing the full lifecycle from researcher intake and triage through validation, remediation coordination, and public disclosure
  • Spearhead SOC2 and other compliance-related security remediation efforts across R&D, collaborating with engineering leads to implement architectural fixes and control improvements
  • Provide security guardrails and reviews for internal AI platforms and coding agents, including LLM gateways, prompt/response controls, and agent permissioning systems
  • Conduct hands-on penetration testing of production SaaS applications, focusing on custom attack vectors tied to new features and infrastructure changes
  • Ship code and security fixes directly into product repositories using Java, TypeScript/JavaScript, Python, or Go to resolve critical vulnerabilities
  • Participate in a shared on-call rotation to respond to high-severity production security incidents and ensure rapid incident containment and resolution
  • Integrate security automation into CI/CD pipelines using GitHub Actions and related tooling to enforce security controls at every stage of the software development lifecycle
  • Perform threat modeling and secure design reviews throughout the SDLC, applying static and dynamic code analysis to identify risks early in development
  • Identify and remediate common web application vulnerabilities aligned with the OWASP Top 10 across all product surfaces
  • Maintain and evolve security tooling stack including Wiz, SonarCloud, Burp Suite, and Cloudflare to enhance detection and response capabilities
  • Collaborate with cross-functional teams to secure blockchain-based infrastructure built on AWS and Kubernetes (EKS/GKE), leveraging Terraform for infrastructure-as-code

🎯 Requirements

  • 8+ years of application security engineering experience
  • Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go to perform deep code reviews, write proof-of-concept exploits, and contribute fixes directly into product repos
  • Hands-on experience with penetration testing of production SaaS applications, including custom tests scoped to new product launches
  • Proven experience building security automation into CI/CD pipelines
  • Demonstrated expertise in threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC
  • Experience identifying and remediating common web application vulnerabilities (OWASP Top 10)

🏖️ Benefits

  • Participation in a shared on-call rotation for high-severity production security incidents
  • Opportunity to work with cutting-edge AI/LLM platforms and coding agents in a production environment
  • Exposure to blockchain and Web3 technologies in a mission-driven security context
  • Collaboration with global engineering teams on AWS, Kubernetes, and Terraform-based infrastructure

Skills & Technologies

Python
JavaScript
TypeScript
Java
AWS
Senior
Onsite

About Chainalysis Inc.

Chainalysis Inc. provides blockchain data analytics and compliance software to governments, banks, and private-sector clients. Its platform traces cryptocurrency transactions to investigate illicit activity, assess risk, and ensure regulatory compliance. Founded in 2014 and headquartered in New York City, the company indexes on-chain data across multiple blockchains, offering investigation, risk management, and compliance tools that help institutions transact safely with digital assets and support law enforcement in tracking ransomware, money laundering, and other financial crimes.
