openashbyhqwestcap
Engineering Manager, Product Security
Paxos
LocationRemote - United States, Remote - Canada
WorkplaceRemote
EmploymentFullTime
Posted2026-05-27T13:50:00.857+00:00
Last observed2026-06-13 05:25:22.719734
Job idwestcap-paxos:ashbyhq:3a037300-1a7c-49eb-9e31-b5374f4a76c5
About Paxos Today’s financial infrastructure is archaic, expensive, inefficient and risky — supporting a system that leaves out more people than it lets in. So we’re rebuilding it. We’re on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way. For over a decade, we’ve built blockchain infrastructure that tokenizes, custodies, trades and settles assets for the world’s leading financial institutions, like Mastercard, Visa, Robinhood, and PayPal. About the team The Product Security team is responsible for keeping Paxos’ cloud-native platform secure, resilient, and compliant as we scale. We partner closely across all engineering teams to design, build, and operate secure-by-default applications in Kubernetes that power mission-critical payments, stablecoin, and brokerage products. The team owns core security capabilities of our platform like identity and access management in AWS, network segmentation, secrets management, inner-service communication, vulnerability management, and code scanning (SAST and DAST). About the role As the Engineering Manager, Product Security at Paxos, you will lead a team of security engineers responsible for securing our AWS and Kubernetes infrastructure end-to-end and ensuring applications are built and maintained safely. You’ll combine deep hands-on security engineering experience with strong people leadership to design secure cloud and application defaults, harden critical services, and build automated guardrails that enable product teams to move fast safely. You will drive the technical direction for cloud and application security,lead high-pressure incident response when needed, and grow a high-performing team that treats “security as an enabler,” not a bottleneck. What you’ll do - Lead, coach, and develop a team of cloud and application security engineers, including setting clear goals, providing ongoing feedback, and running performance reviews. - Own the security posture of our cloud environment, including AWS account topology, access management, inner-service communication, network segmentation, and ongoing monitoring (e.g., Cloud Posture tools) - Partner across the engineering and security organization to embed security into application designs, CI/CD pipelines, and influence roadmaps of other teams. - Establish and scale automated guardrails for infrastructure as code/policy as code, SAST, and DAST to reduce manual toil. - Act as Incident Commander for high-severity security incidents and vulnerabilities, coordinating technical response, stakeholder communication, and post-incident reviews. - Collaborate with Compliance, Risk, and Legal to maintain and improve our security posture relative to frameworks like NIST, and to support customer and regulator inquiries. - Partner with leadership on headcount planning, hiring, and organizational design to ensure the Platform Security team scales with the business. - Champion a culture of security across Paxos through education, documentation, and close collaboration, helping teams ship secure systems quickly and confidently. About you - 8+ years of engineering experience (software, infrastructure, or security), including time as an individual contributor security engineer working on cloud or application security. - At least 2–3 years of experience as an engineering manager, leading and developing security teams. - Proven experience leading security of production AWS environments at scale, including AWS Organizations, IAM, SCPs, Transit Gateways, WAFs, and logging/monitoring. - Hands-on experience deploying secure applications to multi-cluster Kubernetes environments (e.g., network policies, admission controllers, service mesh, secrets management, runtime hardening). - Strong fluency of SSDLC lifecycle, from design to threat modeling to deployment with a bias on possible automation at every step of the way (Terraform/CDK, Policy-as-Code, SAST, DAST, AI-based penetration
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.