Senior Security Engineer

About the Company Born from groundbreaking research at Columbia University and Yale University, CertiK is a leading Web3 security company focused on securing blockchain protocols, smart contracts, and decentralized applications through cutting-edge security research, formal verification, and AI-powered technology. Founded in 2017 and headquartered in New York City, CertiK provides end-to-end security solutions including smart contract audits, penetration testing, on-chain monitoring, incident response, and compliance services for some of the largest projects in the digital asset ecosystem. Today, CertiK supports thousands of enterprise clients and Web3 projects globally, with a distributed international team spanning North America, Asia, and Europe. The company is backed by leading investors including Coatue, Goldman Sachs, Insight Partners, and Sequoia Capital, and has been recognized by organizations such as the World Economic Forum and CB Insights for its contributions to blockchain security innovation. About You You are proactive, reliable, and enjoy helping people solve problems. You are highly organized, eager to learn, and comfortable supporting both technical and non-technical teams. You enjoy being hands-on, can adapt quickly in a fast-paced environment, and are willing to take ownership of day-to-day operational tasks to help keep the office and systems running smoothly. The expected base salary range for this role is $70,000 - $90,000, depending on experience and qualifications. CertiK is proud to offer medical, vision, and dental insurance, 401(k) plan with company matching, life and accidental death and dismemberment insurance, HSA (with high deductible plan), FSA, and other benefits to all full-time employees, along with flexible paid time off and holidays. CertiK also offers a variable commission program for business development sales roles. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. CertiK is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, creed, religion, sex, sexual orientation, gender, gender identity or expression, medical condition, national origin, ancestry, citizenship, marital status or civil partnership/union status, physical or mental disability, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state or local law. CertiK will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements. https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf All CertiK employees are expected to actively support diversity on their teams, and in the Company. Responsibilities Lead design/deployment of enterprise-grade security solutions to safeguard internal networks/applications/infrastructure, ensuring confidentiality/integrity/availability of mission-critical systems & data Define/enforce organization-wide security policies/standards; own end-to-end vulnerability management lifecycle & lead cross-functional incident response with engineering/IT/compliance teams Oversee real-time threat detection/response operations; conduct forensic investigations & drive root cause analysis for high-impact security incidents to inform long-term defense strategies Manage/execute comprehensive security assessments across internal/third-party systems, including architecture reviews/endpoint security evaluations/infrastructure hardening initiatives Guide secure development practices by applying advanced static/dynamic analysis to identify vulnerabilities & deliver remediation guidance to engineering teams Conduct threat modeling/risk analysis for high-value systems to proactively identify/mitigate attack vectors & influence system/product architecture Architect/maintain internal security tooling to expand detection coverage, streamline response workflows & enhance operational visibility Requirements Master’s degree in Computer Science, Software Engineering, Security Informatics, or related field. Expertise in threat modeling/architectural risk assessment using structured methodologies (e.g., STRIDE/DREAD) Advanced knowledge of SSDLC, including static/dynamic analysis/QA practices & end-to-end vulnerability lifecycle management (tracking/remediation coordination/verification) Strong ability to conduct comprehensive security assessments across network infrastructure/application architecture/system configurations Familiarity with cloud environments (AWS/Azure/GCP) & CI/CD deployment workflows; Proficiency in Java/Python with applied skills in secure coding/debugging/symbolic execution & internal tooling/automation scripting

{
  "content_hash": "31d9dcc11cbea68b3782564191be2d5354646495988c6c39a9fcd821cbf264b4",
  "source_hash": "4d3e6135a6ec8b1103aa7607bca34f25856e412fbee9e11f264fd6a31adffa0b",
  "last_changed_at": "2026-05-29T07:07:25.236Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "New York, New York",
    "city": "New York",
    "region": "NY",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.85
  },
  "salary_max": 90000,
  "salary_min": 70000,
  "inferred_at": "2026-06-19T07:57:12.029Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "New York, New York",
      "city": "New York",
      "region": "NY",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.85
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": "on_site",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "Responsibilities",
      "content": "\n<li>Lead design/deployment of enterprise-grade security solutions to safeguard internal networks/applications/infrastructure, ensuring confidentiality/integrity/availability of mission-critical systems &amp; data</li>\n<li>Define/enforce organization-wide security policies/standards; own end-to-end vulnerability management lifecycle &amp; lead cross-functional incident response with engineering/IT/compliance teams</li>\n<li>Oversee real-time threat detection/response operations; conduct forensic investigations &amp; drive root cause analysis for high-impact security incidents to inform long-term defense strategies</li>\n<li>Manage/execute comprehensive security assessments across internal/third-party systems, including architecture reviews/endpoint security evaluations/infrastructure hardening initiatives</li>\n<li>Guide secure development practices by applying advanced static/dynamic analysis to identify vulnerabilities &amp; deliver remediation guidance to engineering teams</li>\n<li>Conduct threat modeling/risk analysis for high-value systems to proactively identify/mitigate attack vectors &amp; influence system/product architecture</li>\n<li>Architect/maintain internal security tooling to expand detection coverage, streamline response workflows &amp; enhance operational visibility</li>\n\n<div>&nbsp;</div>"
    },
    {
      "text": "Requirements",
      "content": "\n<li>Master’s degree in Computer Science, Software Engineering, Security Informatics, or related field.</li>\n<li>Expertise in threat modeling/architectural risk assessment using structured methodologies (e.g., STRIDE/DREAD)</li>\n<li>Advanced knowledge of SSDLC, including static/dynamic analysis/QA practices &amp; end-to-end vulnerability lifecycle management (tracking/remediation coordination/verification)</li>\n<li>Strong ability to conduct comprehensive security assessments across network infrastructure/application architecture/system configurations</li>\n<li>Familiarity with cloud environments (AWS/Azure/GCP) &amp; CI/CD deployment workflows; Proficiency in Java/Python with applied skills in secure coding/debugging/symbolic execution &amp; internal tooling/automation scripting</li>\n"
    }
  ],
  "country": "US",
  "createdAt": 1779925585364,
  "updatedAt": null,
  "categories": {
    "team": "Security Engineering",
    "location": "New York, New York",
    "commitment": "Full-time",
    "allLocations": [
      "New York, New York"
    ]
  },
  "salaryRange": null,
  "workplaceType": "onsite"
}