Security Assurance Engineer

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.

Role Overview

We are looking for a proactive Security Assurance Lead to advance our security program into a proactive "validate and verify" model. Your mission is to ensure our defenses aren't just present, but effective. In this hands-on technical role will own and manage testing, validating and reporting on our security posture, through automated testing against our controls, and ensure our security stack is optimized, integrated, and fully utilized.

Key Responsibilities

• Security Assurance Management: Define, orchestrate and drive the security assurance program from vision to full implementation.
• Continuous Control Validation: Design and execute automated testing (e.g., Breach & Attack Simulation) to verify that prevention and detection controls are functioning across cloud, SaaS and IT environments.
• Central Visibility Hub: Build and maintain a real-time Security Posture Dashboard. This hub will provide a single pane of glass for the coverage and health of our security stack.
• Tool Optimization & Efficacy: Review our existing security suite to ensure tools are properly configured, integrated, and delivering ROI. You will identify "blind spots" where tools are installed but not effectively monitoring or blocking.
• Offensive Testing Strategy: Coordinate regular external offensive testing cycles such as Penetration Testing, Phishing, etc. and translate "broken" controls and findings into actionable items.
• Operational Excellence: Define clear ownership, maintenance schedules, and lifecycle processes for all security technologies to prevent "tool rot."

Required Experience & Qualifications

• 8+ years experience of cybersecurity engineering and architecting (Infosec/DevSecOps).
• Proven technical capabilities in automation, scripting, AI, etc.
• Experience in offensive testing methodologies and practices such as penetration testing, red team exercises, etc.
• Strong understanding of breach simulation, continuous control monitoring (CCM) and technical validation concepts and methodologies.
• Strong understanding of:
• Cloud and SaaS security (WAF, CNAPP)
• Identity, access control, and infrastructure security (IDM, IDP, PAM)
• Endpoint and corporate IT security (EDR, DLP, SASE)

Required Skills & Attributes

• Self-directed architect: Able to take full ownership of the security assurance roadmap from initial design and selection to a working, breathing program.
• Authority without ego: Able to lead across departments without formal reporting lines. While you will operate independently, success is measured by your ability to partner with peers to achieve implementation and ongoing adherence.
• Critical thinking: Able to challenge, validate and verify, while maintaining trust and collaboration with peers and stakeholders.
• Strategic planning: Don’t just patch and quick fix, but ensure correct practices and procedures are developed to provide assurance over time.
• Executive communication: Clear, concise, and credible with senior leadership.
• Analytical thinking: Attention to details and ability to connect multiple dots into a concise and accurate picture.

Nice to Have

• Experience in crypto, fintech, or highly regulated financial environments
• Familiarity with the NIST Cybersecurity Framework (CSF) 2.0, Cloud Security Alliance (CSA) controls matrix, offensive security frameworks (MITRE), etc.