Key skills
Application SecurityCryptographic SecuritySecurity Testing ToolsCloud SecurityProgramming LanguagesThreat ModelingAnalytical SkillsBuilder MentalityCollaborative MindsetJavaScriptTypeScriptGoRustAWSGCPKubernetesDockerDeFiSDLCCommunicationOWASP
About this role
Turnkey is a developer-first infrastructure company focused on private key management, aiming to enhance crypto security. They are seeking a Senior Application Security Engineer to ensure their systems are secure by design and resilient at scale, working closely with product and infrastructure engineering teams.
Responsibilities:
- Participating in the implementation efforts
- Doing security reviews
- Helping with product design decisions
- Auditing and surfacing vulnerabilities in our current products
- Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions
- Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy
- Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default
- Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence
- Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems at scale
Requirements:
- Bachelors degree in Computer Science, Engineering, or a related field
- 5+ years of experience in application or product security, ideally in fast-moving, high-impact or crypto-native environments
- Strong understanding of web, mobile, and cryptographic security fundamentals (e.g. OWASP Top Ten, SANS/CWE Top 25)
- Proficiency in programming and scripting languages (Typescript/Javascript, Go, Rust) and experience building secure systems from the code up
- Hands-on experience with security testing tools and methodologies (static/dynamic analysis, pen testing, etc.)
- Strong understanding of cloud, containerized, and runtime environments (AWS, GCP, Docker, Kubernetes), with the ability to embed security early in the SDLC
- Excellent analytical, problem-solving, and communication skills, with a collaborative mindset for partnering across product and infrastructure teams
- Curious, proactive, and passionate about building secure, reliable systems in a fast moving startup environment
- A builder mentality; comfortable operating with ambiguity, tackling incomplete systems, and applying hands-on engineering experience to security challenges
- Familiarity with crypto or DeFi systems and their unique security challenges
- Familiarity with threat modeling frameworks and cloud-native security tooling