JobStash Logo
Search...

Head of Security Engineering (AWS/KMS)

2 weeks agoLeadBrussels, NY, Barcelona, Paris, London, BerlinRemoteFull TimeCybersecurityJobs by Keyrock

Skills

Secure CodingAuthorizationDependency ManagementPolicy As CodeContainer SecurityCode ScanningDeveloper EnablementKey ManagementIncident ResponseTelemetryLoggingInfrastructure-As-CodeAwsCi/CdIamForensicsCloud SecurityThreat ModelingService AuthenticationSecrets ManagementEncryptionKms

About the Role

You will set the technical direction and execute the security engineering program. You will build secure-by-design cloud foundations and developer paved roads, and design cryptographic and key-management controls appropriate for a high-availability trading environment. You will lead and grow a hands-on security engineering team, define standards and measurable outcomes, and drive adoption of preventative controls through infrastructure-as-code and policy-as-code. You will own AWS cloud security architecture (multi-account landing zones, network segmentation, identity and access design, logging and telemetry baselines, and infrastructure hardening). You will own the enterprise encryption program in AWS including KMS key policy design, grants, cross-account patterns, rotation, and key lifecycle management. You will embed security into the SDLC through threat modeling, secure coding guidance, code scanning, dependency controls, build-time checks, and release gates. You will partner with Platform Engineering to harden runtime environments (containers, CI/CD runners, secrets management, service-to-service authentication) and with Security Operations to ensure detection quality, incident response tooling readiness, and forensic logging.

Requirements

  • 8+ years in security engineering (cloud, platform, or product security)
  • 3+ years leading teams or org-wide technical programs
  • Expert AWS security experience in production multi-account, high-availability environments
  • Deep AWS KMS expertise including key policies, grants, rotation, and cross-account usage
  • Strong working knowledge of IAM and least-privilege identity design
  • Proven ability to build security automation using infrastructure-as-code and CI/CD integration
  • Ability to write standards and runbooks and to influence senior engineers and executives
  • Nice to have: experience in trading, fintech, or 24x7 low-latency production environments
  • Nice to have: experience building paved-road platforms and familiarity with cloud security tooling (CSPM/CIEM, SAST/DAST, vulnerability management)

Responsibilities

  • Lead and grow a security engineering team
  • Set roadmap, standards, and measurable outcomes for security engineering
  • Design and own AWS cloud security architecture and multi-account landing zones
  • Build preventative controls using infrastructure-as-code and policy-as-code
  • Own AWS KMS key policy design, grants, rotation, and lifecycle management
  • Define cross-account and multi-account access patterns and controls
  • Embed security into the SDLC with threat modeling and secure coding practices
  • Harden runtime environments with Platform Engineering (containers, CI/CD, secrets)
  • Partner with Security Operations on detections, incident readiness, and forensic logging

Benefits

  • Predominantly remote work
  • Regular online and offline company hangouts
Keyrock logo
Keyrock
Brussels, BE
200 Employees

Funding

Series B ($72M)Series A ($5M)

Investors

RippleSIX FinTech VenturesMiddlegame VenturesVolta VenturesTNN Capital
View jobs by Keyrock

Similar Jobs

Blockdaemon

DevOps Security Engineer

Blockdaemon · 18 hours ago

Wave Mobile Money Inc.

Endpoint Engineer

Wave Mobile Money Inc. · 1 day ago

Matter Labs

Senior Infrastructure Security Engineer

Matter Labs · 1 week ago

Matter Labs

Protocol Security Engineer

Matter Labs · 1 week ago

Paxos

Engineering Manager, Cloud Security

Paxos · 3 weeks ago