Brussels, New York, New Jersey, Barcelona, Paris, London, California, Florida, Illinois, Berlin
Remote
Senior
Full Time
28 days ago
security, AWS, KMS, cloud security, leadership, encryption, key management, secure SDLC
Requirements
- 8+ years in security engineering (cloud, platform, and/or product security), with 3+ years leading teams or leading org-wide technical programs
- Expert AWS security experience in production environments (multi-account, high availability)
- Deep AWS KMS expertise: key policies, grants, rotation, and cross-account usage patterns
- Strong working knowledge of IAM, identity design, and least-privilege access controls in cloud environments
- Proven ability to build security automation (infrastructure-as-code, CI/CD integration, policy enforcement, developer enablement)
- Clear communication skills: can write standards/runbooks and influence senior engineers and executives
What You'll Do
- Lead and grow a high-performing security engineering team (cloud, platform, application security), setting roadmap, standards, and measurable outcomes
- Establish engineering patterns that balance speed and control (secure defaults, automation-first, self-service guardrails)
- Own cloud security architecture for AWS: landing zone patterns, multi-account strategy, network segmentation, identity and access design, logging/telemetry baselines, and infrastructure hardening
- Build preventative controls using infrastructure-as-code and policy-as-code; drive adoption across engineering teams
- Own the enterprise encryption program in AWS, including KMS key policy design and governance (least privilege, separation of duties, break-glass, auditable admin/use roles)
- Define safe grant usage patterns and operational best practices for AWS services and applications
- Own key lifecycle management: rotation strategy, aliasing/migration patterns, and recovery considerations
- Design cross-account and multi-account access patterns and controls aligned to Keyrock’s cloud operating model
- Embed security into the SDLC: threat modeling, secure coding guidance, code scanning, dependency controls, build-time checks, and release gates
- Partner with Platform Engineering to harden runtime environments (containers, Linux, CI/CD runners, secrets management, service-to-service authentication)
- Partner with Security Operations to ensure engineering-driven outcomes: high-signal detections, incident response tooling readiness, forensic logging, and secure configurations that reduce blast radius
Nice to Have
- Experience in trading, fintech, crypto, or other 24x7 and/or low-latency production environments
- Experience building paved-road platforms (golden pipelines, secure templates, internal developer platforms)
- Familiarity with cloud security tooling ecosystems (CSPM/CIEM, vulnerability management, SAST/DAST, secrets tooling)
Benefits
- Work on security challenges unique to digital-asset liquidity and trading across venues
- Build durable security capabilities for a high-impact, high-availability business
