Staff Security Engineer, Product Security

Chainalysis Careers
London, GB

Who this role is best for

Aimed at senior security engineers with hands-on coding and penetration testing skills who thrive in blockchain and AI security contexts.

Best fit for

  • Security engineers who can both review and write production code across multiple languages.
    — “Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go
  • Candidates with experience securing AI platforms and coding agents.
    — “Experience securing internal AI/LLM platforms and coding agents
  • Professionals comfortable with both technical security work and compliance frameworks.
    — “Drive SOC2 and compliance-related security remediation across product engineering

Things to consider

  • Participation in an on-call rotation for high-severity incidents is required.
    — “Participate in a shared on-call rotation for high-severity production security incidents
  • The role involves direct collaboration with product and platform engineering teams.
    — “partnering with product and platform engineering teams on design, code, and remediation

How to stand out

  • Highlight specific examples of integrating security into CI/CD pipelines.
    — “Building security automation into CI/CD pipelines
  • Demonstrate experience with threat modeling and secure design reviews.
    — “Threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC
  • Showcase any blockchain or Web3 security experience, even if secondary.
    — “Experience in Web3, Blockchain or Digital Assets
Pace · SteadyCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Senior

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • Leading security reviews for new product launches
  • Driving SOC2 and compliance-related security remediation
Typical background
8+ years of application security engineering experience

Skills & requirements

Required

Application SecurityPenetration TestingCode ReviewVulnerability ManagementSecurity Engineering

Preferred

Web3BlockchainAi/llm Platforms

Stack & domain

Application Security EngineeringProduction CodingJavaTypescript/javascriptPythonGoSecurity AutomationCi/cd PipelinesPenetration TestingThreat ModelingSecure Design ReviewsStatic/dynamic Code AnalysisWeb Application VulnerabilitiesAi/llm PlatformsCoding AgentsLlm GatewaysPrompt/response ControlsAgent PermissioningCloud And ContainersInfrastructure-as-codeSecurity ToolingCi/cd And Source ControlSecurity ReviewGuardrailsOn-call RotationProduction Security IncidentsSaas PlatformFinancial CrimeSecurity Engineering

About the role

Original posting from Chainalysis Careers via Ashby

ABOUT CHAINALYSIS

Blockchain technology is powering a growing wave of innovation. Businesses and governments around the world are using blockchains to make banking more efficient, connect with their customers, and investigate criminal cases. As adoption of blockchain technology grows, more and more organizations seek access to all this ecosystem has to offer. That’s where Chainalysis comes in. We provide complete knowledge of what’s happening on blockchains through our data, services, and solutions. With Chainalysis, organizations can navigate blockchains safely and with confidence.

ABOUT THE TEAM

Product Security at Chainalysis keeps our SaaS platform — used by governments, banks, and crypto exchanges to investigate financial crime — secure by design. We partner directly with product and platform engineering on threat modeling, design reviews, penetration testing, and remediation of findings across our AWS and Kubernetes estate.

As a Staff Product Security Engineer, you'll be the technical lead for product security across one or more product areas. You'll run security reviews for new launches and AI tooling, perform hands-on pentests, ship code and fixes directly into product repos, own our Vulnerability Disclosure Program, and drive SOC2 and risk-framework work across R&D. You'll participate in a shared on-call rotation for production security incidents.

IN THIS ROLE, YOU’LL:

  • Lead Product Security across Chainalysis' SaaS offerings, partnering with product and platform engineering teams on design, code, and remediation
  • Own Unified Security Review process for new product launches, vendor evaluations, and AI tooling — including custom penetration tests scoped to each review
  • Drive Security Engineering Risk Management Framework, for consistent risk classification and remediation tracking across product
  • Lead the Vulnerability Disclosure Program and security bug reporting workflow, from researcher intake through fix
  • Drive SOC2 and compliance-related security remediation across product engineering, partnering with R&D leads on architectural fixes
  • Provide security review and guardrails for internal AI platforms and coding agents (LLM gateways, prompt/response controls, agent permissioning)
  • Participate in a shared on-call rotation for high-severity production security incidents

WE’RE LOOKING FOR CANDIDATES WHO HAVE:

  • 8+ years of application security engineering experience
  • Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go — enough to perform deep code review, write proof-of-concept exploits, and contribute fixes directly into product repos
  • Building security automation into CI/CD pipelines
  • Hands-on penetration testing of production SaaS applications, including custom tests scoped to new product launches
  • Threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC
  • Identifying and remediating common web application vulnerabilities (OWASP Top 10)
  • Experience securing internal AI/LLM platforms and coding agents (model gateways, prompt/response controls, agent permissioning)

NICE TO HAVE EXPERIENCE:

  • Experience in Web3, Blockchain or Digital Assets
  • Experience building AI workflows, agents, and guardrailing

TECHNOLOGIES WE USE:

  • Cloud and containers: AWS, GCP, Kubernetes (EKS/GKE)
  • Infrastructure-as-Code: Terraform
  • Security tooling: Wiz, SonarCloud, Burp, Cloudflare
  • CI/CD and source control: GitHub, GitHub Actions, Artifactory and related build/deploy tooling
  • Languages and scripting: Java, JavaScript, Python, Go
  • AI Coding Agents, Tooling, Systems

About Chainalysis

Blockchain technology is powering a growing wave of innovation. Businesses and governments around the world are using blockchains to make banking more efficient, connect with their customers, and investigate criminal cases. As adoption of blockchain technology grows, more and more organizations seek access to all this ecosystem has to offer. That’s where Chainalysis comes in. We provide complete knowledge of what’s happening on blockchains through our data, services, and solutions. With Chainalysis, organizations can navigate blockchains safely and with confidence.

You belong here. 

At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. We’re ensuring we keep learning by committing to continually revisit and reevaluate our diversity culture.

We encourage applicants across any race, ethnicity, gender/gender expression, age, spirituality, ability, experience and more. If you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here https://go.chainalysis.com/rs/503-FAP-074/images/Interview%20Accommodations%20Request.pdf. We can’t wait to meet you.

Source: Chainalysis Careers careers (Ashby)

Similar roles