Senior Security Engineer
Crossmint provides a suite of tools for developers to build applications that interact with NFTs and other digital assets. Their products include wallet infrastructure, on/off-ramps for fiat-to-crypto transactions, and tools for minting and managing digital assets, aiming to simplify the user experience for both developers and end-users in the Web3 space.
About Crossmint
Crossmint provides a comprehensive suite of tools for developers to build NFT and wallet applications. Their offerings include wallet infrastructure, authentication services, on and off-ramps for digital assets, a digital asset checkout system, tokenization tools, and support for verifiable credentials. They cater to both individual developers and enterprise clients, providing resources like a developer console, help center, and status pages. The platform emphasizes security and compliance, as indicated by their Trust Center and adherence to standards like SOC 2, GDPR, and CCPA.
About the Role
You will own and operate day-to-day security for cloud infrastructure and applications. You will design, maintain, and monitor security controls, secure CI/CD and the software supply chain, perform secure code reviews, manage access and credential rotation, drive vulnerability remediation, and support incident response and audit evidence collection.
Requirements
- 4-8 years of experience as a security engineer
- 3+ years hands-on experience securing AWS environments including IAM, Security Hub, CloudTrail, GuardDuty, and KMS
- Strong understanding of CI/CD security including GitHub Actions, secrets scanning, and dependency management
- Experience with secure code review or application security fundamentals
- Experience working with at least one compliance framework, preferably SOC 2
- Highly organized with strong attention to detail
- Comfort operating in a fast-paced startup environment and communicating security concepts to non-technical stakeholders
- Experience using AI-assisted tools such as Claude or GitHub Copilot
- Ability to work flexible hours if an incident arises
- Nice to have: fintech or payments experience
- Nice to have: exposure to DORA or MiCA compliance requirements
- Nice to have: familiarity with crypto or blockchain security considerations
Responsibilities
- Own and operate cloud security across AWS and other cloud environments
- Design, maintain, and monitor engineering security controls including IAM, logging, monitoring, and key management
- Secure CI/CD pipelines, GitHub Actions environments, secrets management, and the software supply chain
- Manage security-related access controls, privileged access, service accounts, and credential rotation
- Perform secure code reviews and provide application security support
- Review authentication flows, payment logic, and API security and partner with engineers on remediation
- Coordinate external security reviews with third-party auditor firms
- Own vulnerability management workflows including prioritization, remediation tracking, and verification
- Support incident response through triage, investigation, and remediation
- Collect evidence and document controls to support SOC 2 and other compliance audits
Benefits
- Extensive access to leading AI tools and subscriptions
- Stock options program
- Two performance reviews annually
- Unlimited flexible PTO
- Flexible work schedule
- Company laptop and allowance for home equipment
- Daily stipend for commuting to the office
- Company-paid trips for annual off-sites and onsites
- Insurance covered by Crossmint
- 401(k) Plan
