Search...

Staff Security Engineer, Product Security

Chainalysis logo
Chainalysis

Chainalysis is the blockchain data platform.

New York, USA
750 Employees
About Chainalysis

Chainalysis offers a blockchain data platform that utilizes sophisticated machine learning and proprietary architecture to handle extensive clustering heuristics, ingest data at scale, and ensure high data accuracy. The platform supports new blockchains and standard tokens automatically, providing comprehensive industry coverage. It simplifies tracing fund flows through complex transactions like bridges, mixers, and DEX swaps. The data provided by Chainalysis is court-admissible and has been instrumental in legal actions. The company provides global, 24/7 support with localized guidance and expertise in various threat typologies and advanced investigative techniques. Through its R&D initiative, Chainalysis Labs, the company continues to innovate and introduce new, unique features and capabilities in blockchain intelligence.

View jobs by Chainalysis

Skills

About the Role

You'll be the technical lead for product security across one or more product areas. You'll run security reviews for new launches and AI tooling, perform hands-on pentests, ship code and fixes directly into product repos, own the Vulnerability Disclosure Program, and drive SOC2 and risk-framework work across R&D. You'll also participate in a shared on-call rotation for production security incidents, partnering closely with product and platform engineering teams to secure the SaaS platform used by governments, banks, and crypto exchanges.

Requirements

  • 8+ years of application security engineering experience
  • Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go
  • Building security automation into CI/CD pipelines
  • Hands-on penetration testing of production SaaS applications, including custom tests scoped to new product launches
  • Threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC
  • Identifying and remediating common web application vulnerabilities (OWASP Top 10)
  • Experience securing internal AI/LLM platforms and coding agents

Responsibilities

  • Lead Product Security across Chainalysis' SaaS offerings, partnering with product and platform engineering teams on design, code, and remediation
  • Own Unified Security Review process for new product launches, vendor evaluations, and AI tooling, including custom penetration tests scoped to each review
  • Drive Security Engineering Risk Management Framework for consistent risk classification and remediation tracking across product
  • Lead the Vulnerability Disclosure Program and security bug reporting workflow, from researcher intake through fix
  • Drive SOC2 and compliance-related security remediation across product engineering, partnering with R&D leads on architectural fixes
  • Provide security review and guardrails for internal AI platforms and coding agents
  • Participate in a shared on-call rotation for high-severity production security incidents