About the Role
You'll be the technical lead for product security across one or more product areas. You'll run security reviews for new launches and AI tooling, perform hands-on pentests, ship code and fixes directly into product repos, own the Vulnerability Disclosure Program, and drive SOC2 and risk-framework work across R&D. You'll also participate in a shared on-call rotation for production security incidents, partnering closely with product and platform engineering teams to secure the SaaS platform used by governments, banks, and crypto exchanges.
Requirements
- 8+ years of application security engineering experience
- Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go
- Building security automation into CI/CD pipelines
- Hands-on penetration testing of production SaaS applications, including custom tests scoped to new product launches
- Threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC
- Identifying and remediating common web application vulnerabilities (OWASP Top 10)
- Experience securing internal AI/LLM platforms and coding agents
Responsibilities
- Lead Product Security across Chainalysis' SaaS offerings, partnering with product and platform engineering teams on design, code, and remediation
- Own Unified Security Review process for new product launches, vendor evaluations, and AI tooling, including custom penetration tests scoped to each review
- Drive Security Engineering Risk Management Framework for consistent risk classification and remediation tracking across product
- Lead the Vulnerability Disclosure Program and security bug reporting workflow, from researcher intake through fix
- Drive SOC2 and compliance-related security remediation across product engineering, partnering with R&D leads on architectural fixes
- Provide security review and guardrails for internal AI platforms and coding agents
- Participate in a shared on-call rotation for high-severity production security incidents