Mar 23, 2022

Lead Security Engineer, Cloud Security

  • BlockFI
  • New York, NY
Full time Cloud Engineer Network Engineer Security Engineer

Job Description

What is BlockFi?

BlockFi’s mission is to provide liquidity, transparency and efficiency to digital financial markets by creating products that meet the needs of consumers and corporations across the globe. We build bridges between traditional finance and digital markets that enable growth for all participants.

We’re a team of builders and strivers, proud to champion financial inclusivity and offer economic opportunities around the globe. We provide the same inclusivity to our team members. BlockFi is a place where diversity is celebrated, individuality is recognized, and every single team member is valued. We are changing the status quo to be the first financial company that people love, and we rely on our people to make it happen!

BlockFi is looking for a Lead Security Engineer to join our Cyber Defense team

About the Team:

At BlockFi, our Security Team works across the entire spectrum of technologies and products that power our business, protecting over $10B in value. 

This role is full-time remote, even after COVID. The Security Team is largely remote, working across timezones and prides itself on being solutions-focused. While facing incredibly complex threats in an ever-change security landscape, BlockFi has continued to thrive and needs the right tools built by passionate and energetic people.

About the Role:

As a Senior Security Engineer, you’ll be a part of a globally distributed Security team tackling challenging problems at scale. This role will primarily focus on maturing and scaling our cloud security efforts. You will be exposed to a wide range of challenges, from securing service deployments and account permissions, to improving the cloud monitoring and visibility capabilities of our Cyber Defense team. A successful candidate for this role will not only help identify areas for improvement in BlockFi’s cloud security posture, but also take initiative to design mitigations and improvements that address gaps in a systematic way.

Much of what we need, needs to be built and much of what we have needs to be refined. You will work across many teams including infrastructure, engineering, product, and across multiple streams. We’re looking for someone that has deep technical expertise and experience in AWS infrastructure and configuration, with a deep understanding of security paradigms as they apply to cloud environments. 

Responsibilities

  • Own and strengthen BlockFi’s Cloud Security Strategy and posture
  • Partner with Engineering teams, Infrastructure Teams, Cyber Defense Teams and Security Architecture teams to design and implement effective cloud security controls
  • ​​Leverage AWS native services and other Security tooling to improve Cyber Defense team monitoring and incident response capabilities
  • Implement AWS Security best practices as guided by the AWS Well Architected Framework
  • Design, advocate, and help build secure-by-default infrastructure guardrail that closes off entire classes of security problems.
  • Build integrations for our security event monitoring platform to develop mechanisms to detect and respond to known attacker methodology.
  • Demonstrate leadership by teaching, mentoring, growing cloud security expertise, and setting technical direction and priorities for infrastructure security goals.

Your Expertise

  • 8+ years of experience in security engineering with 3+ years of experience in a Senior Security role focused on Cloud Security - (ie Security Architecture, Security Engineering, Infrastructure Security/DevSecOps, or other related disciplines.)
  • Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to such as IAM, KMS, VPC, Security Groups, AWS Inspector, Guard Duty and SCPs
  • Hands-on experience with a diverse range of cloud security technologies, including identity and access management (IAM), web application firewalls, distributed denial of service (DDoS) mitigation, encryption technologies, security information and event management (SIEM), threat and vulnerability management, infrastructure as code (IaC), containerization.
  • Hands-on experience with common Continuous Integration/Continuous Deployment platforms (GitHub Actions, Jenkins, CircleCI, etc)
  • Hands-on experience with Infrastructure as Code tooling (Terraform, CloudFormation, or similar)
  • Working knowledge of one or more general purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, PowerShell
  • Understanding of Content Delivery Network (CDN) configuration, maintenance and best practices (CloudFlare or similar)
  • Experience with enabling, tuning, and extracting additional value from log generation from AWS services
  • Good communication skills, and a willingness to train and mentor junior personnel
  • Able to work with both technical and business stakeholders to design solutions that bring optimal security benefits while accounting for business needs and timelines.

Your Perks:

We benefit from the great work our employees do each day. That is why we are committed to providing a variety of awesome benefits to help them live their best lives.

  • Competitive salary because we value your experience and expertise
  • Unlimited vacation / sick days because everyone deserves time for R&R
  • Employer contribution towards health coverage (including vision & dental) because your physical health and well-being is important to us 
  • Various fringe benefits such as 401k, Parental Leave, FSA/HSA, and Employee Assistance Programs because health coverage is more than just choosing your yearly plan 
  • Flexible work environment because we are a geographically dispersed team and we believe in balance
  • Pet insurance because all of your beloved family members should have coverage too
  • Weekly lunch stipend because there is such a thing as a free lunch!
  • A close-knit team of enthusiastic, collegial and driven people to work alongside in a highly meritocratic environment because teamwork makes the dreamwork

Why BlockFi?

BlockFi has experienced incredible growth since our launch in August 2017. Our client base has grown to more than 225,000 (and counting), and the company now boasts more than $15 billion in assets on our platform. We recently completed a Series D funding round placing the company's valuation at $3 billion, and our team now has more than 500 people worldwide. We have established ourselves as a crypto market leader, and as we expand our product suite and geographic footprint, we expect our addressable market to grow exponentially.

BlockFi's leadership team has decades of experience in the traditional financial services and banking world, and we take a conservative approach to regulation that will position us well for sustainable long-term growth and expansion.

Our team is comprised of highly motivated professionals from diverse backgrounds. We are aiming to become the leading lender in crypto and are poised to redefine the global financial ecosystem for the better. In addition:

  • BlockFi is one of the first companies to ever offer crypto-backed loans and the only company whose founding team has an institutional understanding of the debt capital markets and regulatory landscape in the U.S.
  • $100 MM of Series A, B, and C funding led by Valar Ventures with participation from Susquehanna, Winklevoss Capital, Fidelity, Galaxy Digital, Akuna Capital, and Morgan Creek
  • $350 MM of Series D funding led by Bain Capital Ventures, partners of DST Global, Pomp Investments and Tiger Global
  • We are moving quickly and have already deployed substantial capital into the space, proving our ability to execute and capture customer demand

For information about how we collect, use, or otherwise handle your Personal Information, please see our Privacy Policy.