About the engagement
Bitcoin.com is seeking an experienced independent candidate to provide senior-level security engineering services for our products and infrastructure, spanning application security, cloud and Kubernetes environments, smart contract security, security operations, and compliance.
This is a remote engagement; the candidate may be located anywhere within the APAC region and provides the Services from their own location. The Services require coordination with the Company’s engineering function, so the candidate should be available for agreed collaboration windows that overlap with Japan Standard Time (JST/UTC+9), for example for architecture reviews and incident response. The candidate will coordinate with the Director of Engineering as the primary point of contact for scoping and acceptance of deliverables, and will liaise with the Company’s DevOps and Engineering functions as needed across an AWS-native, containerized stack.
Scope of Services
The candidate’s Services will include:
- Designing and implementing security controls across AWS, EKS/Kubernetes, CI/CD (Jenkins, GitHub Actions, ArgoCD), and AI/agentic workflows.
- Delivering threat models, risk assessments, and security architecture reviews across infrastructure, applications, and AI-driven systems.
- Providing end-to-end vulnerability management across code, infrastructure, and AI-generated artifacts, using tools such as New Relic, Bugsnag, and security scanners.
- Developing recommended secure-coding and AI-usage standards, including guardrails for LLMs, copilots, and automated workflows.
- Building and operating security monitoring, alerting, and incident response capabilities, including detection of AI/agent-related risks.
- Evaluating and recommending security and AI tooling (SAST/DAST, SIEM, EDR, secrets management), with least-privilege access and secure integrations.
- Hardening infrastructure and data layers (Terraform, IAM, VPC, Cloudflare, Cassandra, Kafka, Redis), including protections against unauthorized or automated actions.
- Supporting the Company’s compliance objectives (SOC 2, ISO 27001), with a focus on auditability, data protection, and governance of AI systems.
- Providing security expertise and recommended best practices across AI, cloud, and Web3 (smart contracts, key management, bridges).
- Advising blockchain/product teams on risk mitigation in decentralized systems.
Candidate’s profile (required expertise)
- Demonstrated expertise (typically 5–8 years) in security engineering across application, cloud, and infrastructure security.
- Hands-on experience securing AWS (IAM, VPC, EKS, S3, EC2) and Kubernetes.
- AppSec proficiency (OWASP Top 10, secure SDLC, code reviews) and common tooling (SAST/DAST, SIEM, secrets management).
- Strong foundation in network