The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.
About the Role
As the Director of Product Security, you will spearhead our efforts to fortify and enhance the security posture of our products and runtime environments and play a critical leadership role in overseeing the design, implementation, and maintenance of security controls for the organization's complex product applications, platform, development and cloud infrastructure.
You will lead a team of security experts and collaborate closely with engineering, product, and other business units to ensure the security and integrity of our applications, platforms, cloud infrastructure, and code stack against current & evolving threats.
Your leadership will be instrumental in embedding security best practices throughout the development and operations pipeline, ensuring a secure and scalable product environment. You will also drive the strategy, development, and implementation of a comprehensive application security program across our cloud-based applications.
Reporting line: CISO
What You'll Do
Strategic Leadership and Team Management:
- Strong leadership skills to develop and lead the strategic direction for the Application and Cloud Security teams.
- Lead risk assessments, threat modeling, and secure design reviews of cloud platforms to proactively identify vulnerabilities and ensure compliance with security standards.
- Oversee the design, implementation, and maintenance of security controls across multi-cloud environments (AWS, GCP, Azure) to protect infrastructure and applications.
- Experience in collaborating with cross-functional teams, including engineering, product management, and customer support, to embed security into product development and all aspects of cloud deployments.
Expertise in Application & Cloud Security Technologies:
- Strong background in hands-on development skills, deep knowledge of AWS & Azure cloud platforms with a focus on offensive security techniques.
- Familiarity with application security practices, threat modeling, penetration testing, red teaming, and fuzz testing, to identify and remediate vulnerabilities in applications and cloud environments.
- Drive the adoption of cutting-edge infrastructure cloud security technologies, including data security, encryption, identity and access management (IAM), and network security.
- Expertise in using tools (e.g. CSPM, IaC, SAST, secrets management etc) and methodologies for advanced security analysis, triage of vulnerabilities and other security operations.
- Advantage: Knowledge of cryptographic principles and best practices, including the implementation of encryption, hashing, and digital signatures in applications and managing keys and secrets in cloud environments.
Requirements:
- At least 10+ years of experience in security architecture, software development, cloud security, or a related field
- At least 5 years in a leadership role.
- Engineering background
- Proven leadership skills with a track record of leading high-performing security teams in a fast-paced, technology-driven environment.
- Excellent communication and interpersonal skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
- Professional security certifications (e.g., CISSP, CISM, CCSP, OSCP) are highly desirable.
- Strong technical background in cloud services, DevOps, orchestration tools (e.g., Kubernetes), and cloud-native security tools (CSPM, CWPP).
- Excellent communication and stakeholder management skills, with the ability to influence security initiatives across cross-functional teams.
Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms.