BlockFi is hiring a

Web3 Lead Security Engineer, Cloud Security

BlockFi is looking for a Lead Security Engineer to join our Cyber Defense team

About the Team:

At BlockFi, our Security Team works across the entire spectrum of technologies and products that power our business, protecting over $3B in value.

This role is full-time remote, even after COVID. The Security Team is largely remote, working across timezones and prides itself on being solutions-focused. While facing incredibly complex threats in an ever-change security landscape, BlockFi has continued to thrive and needs the right tools built by passionate and energetic people.

About the Role:

As a Senior Security Engineer, you’ll be a part of a globally distributed Security team tackling challenging problems at scale. This role will primarily focus on maturing and scaling our cloud security efforts. You will be exposed to a wide range of challenges, from securing service deployments and account permissions, to improving the cloud monitoring and visibility capabilities of our Cyber Defense team. A successful candidate for this role will not only help identify areas for improvement in BlockFi’s cloud security posture, but also take initiative to design mitigations and improvements that address gaps in a systematic way.

Much of what we need, needs to be built and much of what we have needs to be refined. You will work across many teams including infrastructure, engineering, product, and across multiple streams. We’re looking for someone that has deep technical expertise and experience in AWS infrastructure and configuration, with a deep understanding of security paradigms as they apply to cloud environments.

Responsibilities

• Own and strengthen BlockFi’s Cloud Security Strategy and posture
• Partner with Engineering teams, Infrastructure Teams, Cyber Defense Teams and Security Architecture teams to design and implement effective cloud security controls
• ​​Leverage AWS native services and other Security tooling to improve Cyber Defense team monitoring and incident response capabilities
• Implement AWS Security best practices as guided by the AWS Well Architected Framework
• Design, advocate, and help build secure-by-default infrastructure guardrail that closes off entire classes of security problems.
• Build integrations for our security event monitoring platform to develop mechanisms to detect and respond to known attacker methodology.
• Demonstrate leadership by teaching, mentoring, growing cloud security expertise, and setting technical direction and priorities for infrastructure security goals.

Your Expertise

• 8+ years of experience in security engineering with 3+ years of experience in a Senior Security role focused on Cloud Security - (ie Security Architecture, Security Engineering, Infrastructure Security/DevSecOps, or other related disciplines.)
• Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to such as IAM, KMS, VPC, Security Groups, AWS Inspector, Guard Duty and SCPs
• Hands-on experience with a diverse range of cloud security technologies, including identity and access management (IAM), web application firewalls, distributed denial of service (DDoS) mitigation, encryption technologies, security information and event management (SIEM), threat and vulnerability management, infrastructure as code (IaC), containerization.
• Hands-on experience with common Continuous Integration/Continuous Deployment platforms (GitHub Actions, Jenkins, CircleCI, etc)
• Hands-on experience with Infrastructure as Code tooling (Terraform, CloudFormation, or similar)
• Working knowledge of one or more general purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, PowerShell
• Understanding of Content Delivery Network (CDN) configuration, maintenance and best practices (CloudFlare or similar)
• Experience with enabling, tuning, and extracting additional value from log generation from AWS services
• Good communication skills, and a willingness to train and mentor junior personnel
• Able to work with both technical and business stakeholders to design solutions that bring optimal security benefits while accounting for business needs and timelines.

Apply Now: