United States Hybrid Employment

Anchorage Digital is hiring a Member of Technical Staff, Security Operations

Responsibilities

Build and maintain security automation and tooling to detect vulnerabilities through static and dynamic analysis across code and live systems
Conduct application security assessments, penetration tests, and code reviews to identify high-risk security issues and provide secure development guidance
Develop and operate vulnerability management workflows, partnering with engineering teams to prioritize and remediate findings
Establish and test security guardrails for code, cloud resources, and infrastructure components throughout the Anchorage platform
Monitor and respond to security events and configuration anomalies across the organization, leading investigation and containment efforts
Manage the full vulnerability lifecycle from discovery through remediation, tracking progress and ensuring timely closure of findings
Lead or substantially contribute to Security Operations initiatives with minimal oversight, coordinating across team boundaries to drive projects to completion
Break complex security problems into manageable workstreams with accurate scope and time estimates. Present options clearly and provide well-reasoned priority recommendations
Deliver assurance artifacts and evidence for regulated entity requirements, supporting audit and compliance efforts
Balance speed of response with thoroughness of investigation, adapting approach based on risk and business impact
Understand and help implement the company's security strategy by participating in planning and defining Security Operations goals in alignment with Anchorage Digital's overall objectives
Stay alert to emerging threats, vulnerabilities, and industry trends that could affect organizational security posture
Consider security holistically across the product ecosystem—applications, infrastructure, and third-party integrations—while fostering a security-first culture
Collaborate cross-functionally with Engineering, Infrastructure, and Compliance teams to embed security into development and operational processes
Share knowledge broadly across the team through documentation, runbooks, and post-incident reviews, preventing single points of failure
Partner with engineering teams to explain security risks and remediation approaches, translating technical findings into actionable guidance
Collaborate across teams to review security configurations, triage findings, and engage in technical discussions. Communicate insights and recommendations clearly to improve processes
Demonstrate empathy by understanding others' context, priorities, and constraints—adapting communication style to maximize effectiveness with both technical and non-technical audiences

Requirements

3+ years of hands-on experience in security engineering, application security, penetration testing, or security operations
built or maintained security tools, integrations, or automation workflows using Python, Go, or similar languages
identify and assess security vulnerabilities in applications, APIs, and cloud infrastructure, and effectively communicate remediation strategies
experience with tools like Semgrep, CodeQL, Burp Suite, or equivalent for identifying security issues in code and running systems
understand AWS security fundamentals including IAM, VPCs, security groups, and CloudTrail/logging
investigate security events, perform root cause analysis, and coordinate response efforts
developed 'computer science fundamentals,' i.e. concurrency, algorithms, and data structures
genuinely care about code quality and operational excellence
prioritize security outcomes, end-user experience, and business value over 'cool tech'
self-describe as some combination of the following: creative, humble, ambitious, detail-oriented, hardworking, trustworthy, eager to learn, methodical, action-oriented, and tenacious

Nice to Have

experience running or participating in bug bounty programs (HackerOne, Bugcrowd, etc.)
worked in a regulated financial services, fintech, or crypto environment
exposure to blockchain security, smart contract auditing, or Web3 technologies
built or contributed to open-source security tools
hold relevant certifications (OSCP, GWAPT, GCIH, AWS Security Specialty, etc.)
read blockchain protocol white papers for fun, and stay up to date with the proliferation of crypto-asset innovations
were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system

Work Arrangement

Hybrid

Additional Information

quarterly in-person collaboration days
remote friendly, global team

Required Skills

security engineeringapplication securitypenetration testingor security operationstools like SemgrepCodeQLBurp Suiteor equivalent for identifying security i security engineeringapplication securitypenetration testingor security operationstools like SemgrepCodeQLBurp Suiteor equivalent for identifying security i

Planning long-term in Thailand?

Full relocation support, start to finish

From visa strategy to housing, banking, and schools for your family — SVBL plans and manages every detail of your move to Thailand so nothing falls through the cracks.

Complete relocation planning

Family visa & school enrollment

Banking & insurance setup

Cultural integration support

Plan your move

One partner for everything

About company

Anchorage Digital is building the world’s most advanced digital asset platform for institutions to participate in crypto. It is a crypto platform that enables institutions through custody, staking, trading, governance, settlement, and security infrastructure, and is home to the first federally chartered crypto bank in the U.S.

All jobs at Anchorage Digital Visit website

Job Details

Department Engineering – Security Engineering

Category security

Posted 2 hours ago