Stripe

Stripe is a global technology company that provides financial infrastructure for the internet. They offer a suite of APIs and tools for businesses to accept online and in-person payments, automate financial processes, and embed financial services in th...

Diversified Financial Services
5K-10K
Founded 2009
$8700M raised

Description

  • Lead security architecture reviews for embedded wallets, authentication flows, key management systems, transaction signing, and developer-facing APIs.
  • Conduct advanced threat modeling for web, mobile, cloud, wallet, blockchain, and cryptographic systems.
  • Identify, validate, prioritize, and remediate vulnerabilities across applications, infrastructure, APIs, CI/CD pipelines, third-party integrations, and production services.
  • Design and implement scalable security controls, automation, detection, alerting, and monitoring.
  • Lead or support incident response, security investigations, root-cause analysis, containment, remediation, and post-incident hardening.
  • Evaluate the security impact of new product launches, infrastructure changes, vendor integrations, cryptographic designs, and authentication mechanisms.
  • Develop security standards, secure engineering guidance, review processes, and technical documentation.
  • Partner with engineering leadership to embed security into design, development, deployment, and operations.
  • Manage external vulnerability reports, responsible disclosure submissions, penetration test findings, bug bounty reports, and third-party security assessments.
  • Perform hands-on vulnerability research and proof-of-concept validation for complex application, protocol, authentication, authorization, cloud, and blockchain security issues.
  • Mentor engineers and security team members on secure design, exploitability analysis, vulnerability remediation, and risk-based prioritization.

Requirements

  • 10 years of professional experience in software security, application security, product security, infrastructure security, security engineering, vulnerability research, incident response, or a closely related technical security role.
  • Substantial hands-on experience securing production software systems, cloud infrastructure, web applications, APIs, authentication systems, or financial technology platforms.
  • Bachelor’s degree in a related technical field such as Computer Science, Computer Engineering, Information Systems, Information Security, Cybersecurity, Software Engineering, Electrical Engineering, or Mathematics; foreign equivalent degrees accepted.
  • Experience with security architecture and threat modeling for complex software systems.
  • Experience with application security, including web application vulnerabilities, API security, authentication, authorization, session management, input validation, injection flaws, SSRF, XSS, CSRF, access control failures, and business logic vulnerabilities.
  • Experience with cloud and infrastructure security, including AWS or comparable platforms, IAM, network security, secrets management, containerized workloads, CI/CD security, logging, monitoring, and production hardening.
  • Ability to read, review, and reason about production code in languages such as JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, or similar.
  • Experience with incident response, security investigations, vulnerability triage, exploitability assessment, remediation planning, and post-incident review.
  • Knowledge of cryptographic and authentication concepts, including public-key cryptography, digital signatures, key management, secure enclave or hardware-backed security models, OAuth/OIDC, passkeys/WebAuthn, wallet signing flows, and secure transaction approval patterns.
  • Experience with security tooling and automation such as SAST, DAST, dependency analysis, vulnerability scanners, custom detection tooling, logging pipelines, or security workflow automation.
  • Ability to prioritize vulnerabilities and security findings based on risk in a production engineering environment.
  • Strong communication skills for working with engineering, product, infrastructure, legal, compliance, and executive stakeholders.
  • Ability to independently lead ambiguous, high-impact security initiatives across multiple teams.
  • Ability to mentor engineers and influence secure design decisions without direct management authority.
  • Preferred: experience securing cryptocurrency, blockchain, wallet, custody, payment, financial technology, or high-value transaction systems.
  • Preferred: experience with bug bounty programs, responsible disclosure, penetration testing, red-team findings, or vulnerability research.
  • Preferred: experience reviewing cryptographic protocols, transaction signing systems, embedded wallets, smart-contract-adjacent systems, or developer SDKs.
  • Preferred: experience building internal security platforms, security automation, detection systems, or developer-facing security tools.
  • Preferred: public contributions such as conference presentations, publications, open-source tools, vulnerability disclosures, CVEs, security research, or peer review of security work.
