Senior Product Security Engineer

Build a Safer World. TRM Labs provides blockchain analytics and AI solutions to help law enforcement and national security agencies, financial institutions, and cryptocurrency businesses detect, investigate, and disrupt crypto-related fraud and financial crime. TRM’s blockchain intelligence and AI platforms include solutions to trace the source and destination of funds, identify illicit activity, build cases, and construct an operating picture of threats. TRM is trusted by leading agencies and businesses worldwide who rely on TRM to enable a safer, more secure world for all. The Security team is responsible for and committed to securing all things at TRM. From our customers to our code, and everything in between, the security team is involved in all aspects of the business. We are looking for an Application Security Engineer to build mission-critical infrastructure that ensures the highest levels of availability, performance, and application security at TRM for products as built and deployed. From designing the technical strategy to company-wide best practices and implementation, you’ll work closely with engineering and engineering leadership to ensure TRM’s products are safe and secure. The impact you’ll have here: Lead application security reviews and threat modeling, including secure code review, architectural design, and testing. Develop automated testing and mature our Secure SDLC. Own and perform application security vulnerability management. Coordinate penetration testing engagements. Support software engineers and product teams by developing application security best practices. Develop and maintain the bug bounty program. Bootstrap platform security initiatives that help protect TRM data. Inspire a culture of security across the engineering organization by fostering security champions within engineering teams and coordinating secure code training. What we’re looking for: Minimum 8 years of experience in Software Development and testing. BS (or equivalent) in Computer Science, Computer Engineering, or related field. Proficiency in software development languages: Python, NodeJS, React Strong understanding of encryption, authentication, and authorization protocols Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies , and using common security tooling for testing. Professional experience with open source, commercial, or native security solutions for cloud providers such as GCP and AWS. Experience with modern secure software development lifecycles, threat modeling, and best practices. Experience with conducting efficient and comprehensive code security reviews on a daily or weekly basis Experience triaging and remediating vulnerabilities in software packages or libraries Experience with Software Security tools such as Github advanced security or other SAST, DAST, and SCA tools Experience with Web application testing frameworks such as BurpSuite, OWASP ZAP, etc. Experience with Threat modeling tools such as OWASP Threat Dragon, etc. Experience working in a previous agile-based software development role required Experience Red Teaming or penetration testing applications and infrastructure Professional experience with cloud providers (e.g., GCP and AWS), modern secure software development lifecycles, and best practices. Strong written and verbal communication skills. Security certifications such as OSCP, CEH, GWAPT are a plus. Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus About the Team: The culture of our team is built on mutual respect, where everyone's opinion is valued and heard. We prioritize flexibility and efficiency, always seeking smarter ways to work without compromising quality. Transparency is at the heart of how we operate, both within the team and with the business, as we focus on clearly communicating and addressing cyber risks. Our collaborative approach ensures that we not only mitigate these risks but also alig ... (truncated, view full listing at source)