Staff Security Engineer, Product Security

Requirements

• ABOUT CHAINALYSIS Blockchain technology is powering a growing wave of innovation.
• Businesses and governments around the world are using blockchains to make banking more efficient, connect with their customers, and investigate criminal cases.
• As adoption of blockchain technology grows, more and more organizations seek access to all this ecosystem has to offer.
• We provide complete knowledge of what’s happening on blockchains through our data, services, and solutions.
• With Chainalysis, organizations can navigate blockchains safely and with confidence.
• ABOUT THE TEAM Product Security at Chainalysis keeps our SaaS platform — used by governments, banks, and crypto exchanges to investigate financial crime — secure by design.
• We partner directly with product and platform engineering on threat modeling, design reviews, penetration testing, and remediation of findings across our AWS and Kubernetes estate.
• You'll run security reviews for new launches and AI tooling, perform hands-on pentests, ship code and fixes directly into product repos, own our Vulnerability Disclosure Program, and drive SOC2 and risk-framework work across R&D.
• IN THIS ROLE, YOU’LL: - Lead Product Security across Chainalysis' SaaS offerings, partnering with product and platform engineering teams on design, code, and remediation - Own Unified Security Review process for new product launches, vendor evaluations, and AI tooling — including custom penetration tests scoped to each review - Drive Security Engineering Risk Management Framework, for consistent risk classification and remediation tracking across product - Lead the Vulnerability Disclosure Program and
• experience - Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go — enough to perform deep code review, write proof-of-concept exploits, and contribute fixes directly into product repos - Building security automation into CI/CD pipelines - Hands-on penetration testing of production SaaS applications, including custom tests scoped to new product launches - Threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC -
• Experience securing internal AI/LLM platforms and coding agents (model gateways, prompt/response controls, agent permissioning) NICE TO HAVE EXPERIENCE: -
• Experience in Web3, Blockchain or Digital Assets -
• Experience building AI workflows, agents, and guardrailing TECHNOLOGIES WE USE: - Cloud and containers: AWS, GCP, Kubernetes (EKS/GKE) - Infrastructure-as-Code: Terraform - Security tooling: Wiz, SonarCloud, Burp, Cloudflare - CI/CD and source control: GitHub, GitHub Actions, Artifactory and related build/deploy tooling - Languages and scripting: Java, JavaScript, Python, Go - AI Coding Agents, Tooling, Systems About Chainalysis Blockchain technology is powering a growing wave of innovation.