Member of Technical Staff, Security Engineering, AppSec Focus
Anchorage Digital
IT
United States
Posted 6+ months ago
At Anchorage Digital, we are building the world’s most advanced digital asset platform for institutions to participate in crypto.
Anchorage Digital is a crypto platform that enables institutions to participate in digital assets through custody, staking, trading, governance, settlement, and the industry's leading security infrastructure. Home to Anchorage Digital Bank N.A., the only federally chartered crypto bank in the U.S., Anchorage Digital also serves institutions through Anchorage Digital Singapore, Porto by Anchorage Digital, and other offerings.
The company is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with its Series D valuation over $3 billion. Founded in 2017 in San Francisco, California, Anchorage Digital has offices in New York, New York; Porto, Portugal; Singapore; and Sioux Falls, South Dakota. Learn more at anchorage.com, on X @Anchorage, and on LinkedIn.
The Security Team shapes and maintains a culture of trust, safety, and resiliency for our clients and regulators. The Security Team manages production security infrastructure and automation, secure coding, monitoring, incident response, access management, continuous control improvements, SOC attestation, and third-party relationships.
As a member of this team focusing on Application Security, you will use various tools and techniques to analyze, test, and remediate vulnerabilities in our products and IT infrastructure. This includes web applications, APIs, and managing vulnerabilities in dependencies and containers.
You will play a crucial role in the team, delivering on medium-to-large impact projects. As an expert in triaging and responding to various signals, you will prioritize roadmap projects as the scale of Anchorage Digital increases by incorporating the "why" and the "big picture."
You will work across teams, applying your expertise to significantly influence both within and outside the team. Success in this role involves delivering impactful work that enhances the team's stability and resilience, embracing and contributing to the Anchorage Digital culture, and prioritizing the safety and security of Anchorage Digital and its clients.
Stay up to date on emerging threat intelligence to ensure we have accurate, tested playbooks for rapid response.
Technical Skills:
- Identify issues and promote best practice in our secure, resilient, and globally scalable infrastructure.
- Review code across the entire stack and assist other engineering teams in solving these issues with technical guardrails.
- Promote an efficient testing culture, minimizing technical debt and bureaucracy.
Complexity and Impact of Work:
- Enhance our Vulnerability Management program by identifying and addressing issues. Collaborate with engineering teams responsible for various services and products to ensure effective remediation.
- Automate manual tasks into continuous testing facilities to ensure Anchorage Digital is ready to scale securely.
- Independently drive work and lead or significantly contribute to medium-to-large Security Team initiatives. These projects often involve multiple team members and may cross engineering team boundaries. Lead projects from start to finish with minimal oversight, coordinating activities of other team members.
- Break down large projects into smaller tasks. Estimate the time and scope of these tasks accurately. Clearly present the different options considered, analyze trade-offs, and justify the recommended priorities.
- Work is reviewed upon completion and is consistent with departmental objectives. May be accountable for delivering tactical business targets that impact their team.
- Contribute high-quality code and infrastructure, making significant technical contributions to our platform. Monitor and address technical debt, and identify opportunities for improvement.
Organizational Knowledge:
- Understand the company's strategy to help ensure its successful implementation. Participate in planning and defining the Security Team's strategic goals in alignment with the overall goals of Anchorage Digital.
- Monitor for the development of company objectives and trends that might impact its success.
- Thoroughly consider security across the entire product ecosystem and foster a company culture that prioritizes it.
- Strike the right balance between rapid progress (shipping quickly) and precision (measuring twice).
Communication and Influence:
- Ensure knowledge is shared throughout the broader team and avoid positioning anyone as a single point of failure.
- Mentor and guide multiple engineers throughout the Engineering team. Help them understand how security impacts Anchorage Digital’s strategic goals, empowering them to develop new technologies and services safely with proper oversight and assurance.
- Collaborate across teams and services to solve problems. Review specs from other teams and engage in technical discussions. Clearly communicate insights, recommendations, and ideas to improve processes and address the technical backlog.
- Understand the context, needs, motivations, emotions, and concerns of others, and adjust communication to maximize impact and effectiveness.
You may be a fit for this role if you have:
- You have real world experience and skills in the following security fundamentals:
- Threat Modeling: Ability to identify potential threats and vulnerabilities in applications.
- Vulnerability Management: Monitoring dependencies and versions, conducting security assessments and testing, and code reviews.
- Secure Coding Practices: Ensuring applications are developed following secure coding standards and practices, resilient to vulnerabilities.
- Cryptography: Ability to validate usage of encryption technologies, digital signatures, and authentication protocols.
- Authentication and Authorization: Implementing robust authentication and authorization mechanisms.
- You have real world experience using:
- Web: JavaScript, HTML, CSS, and REST APIs.
- Mobile: iOS applications, Swift
- Security Tools: Burp Suite, OWASP ZAP, Nessus, Metasploit, and Wireshark.
- You have developed “computer science fundamentals”, i.e. concurrency, algorithms, and data structures (Formal CS degree NOT required).
- You’re familiar with common standards and frameworks such as OWASP, NIST, ISO27001, and PCI-DSS.
- You genuinely care about code quality and test infrastructure.
- You prioritize end-user experience and business value over “cool tech.”
- You self-describe as some combination of the following: creative, humble, ambitious, detail-oriented, hardworking, trustworthy, eager to learn, methodical, action-oriented, and tenacious.
Although not a requirement, bonus points if:
- In your mind the word “crypto” stands for cryptography, not cryptocurrency.
- You read blockchain protocol white papers for fun, and stay up to date with the proliferation of cryptoasset innovations.
- You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system. :)
About Anchorage Digital: Who we are
The Anchorage Village, what we call our team, brings together the brightest minds from platform security, financial services, and distributed ledger technology to provide the building blocks that empower institutions to safely participate in the evolving digital asset ecosystem. As a diverse team of more than 300 members, we are united in one common goal: building the future of finance by providing the foundation upon which value moves safely in the new global economy.
Anchorage Digital is committed to being a welcoming and inclusive workplace for everyone, and we are intentional about making sure people feel respected, supported, and connected at work—regardless of who you are or where you come from. We value and celebrate our differences and we believe being open about who we are allows us to do the best work of our lives.
Anchorage Digital is an Equal Opportunity Employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status. Anchorage Digital considers qualified applicants regardless of criminal histories, consistent with other legal requirements. “Anchorage Digital” refers to services that are offered either through Anchorage Digital Bank National Association, an OCC-chartered national trust bank, or Anchorage Lending CA, LLC a finance lender licensed by the California Department of Financial Protection and Innovation, License No. 60DBO-11976, or Anchorage Digital Singapore Pte Ltd, a Singapore private limited company, all wholly-owned subsidiaries of Anchor Labs, Inc., a Delaware corporation.
Protecting your privacy rights is important to Anchorage Digital, and we work to maintain the trust and confidence of our clients when handling personal or financial information. Please see our privacy policy notices here.