[Remote] Senior Crypto Security Engineer

Note: The job is a remote job and is open to candidates in USA. Lightspark is building the open payment protocol for the Internet, aiming to make money transfer instant and frictionless. They are seeking a Senior Security Engineer to architect the safety of a decentralized payment network, focusing on securing infrastructure, application security, and blockchain protocols.

Responsibilities

• Secure Protocol Engineering: Perform deep-dive code audits and risk assessments of core protocol implementations and payment channel logic. You will prevent funds loss or state corruption by identifying edge cases in distributed systems
• Hardened Infrastructure: Architect and secure our cloud-native footprint (AWS/GCP), ensuring that validator nodes, signing services, and P2P networking are resilient against both traditional DDoS and protocol-specific eclipse attacks
• Application & Lifecycle Security: Build and maintain the Secure SDLC for our products. This includes automated security analysis (SAST/DAST) in CI/CD, managing high-stakes bug bounties, and performing manual penetration tests on our financial APIs
• Cryptographic Operations: Design and manage mission-critical Key Management Systems (KMS). You will lead the implementation of Multi-Party Computation (MPC), Threshold Signatures (TSS), and HSM integrations to secure private keys at scale
• Detection & Response: Develop specialized monitoring for both Cyber threats (unauthorized access, lateral movement) and On-chain threats (channel jamming, fee-siphoning, or routing anomalies)
• Security Expert: Serve as the subject matter expert for engineering teams, bridging the gap between standard web security and crypto-native security

Skills

• 6+ years in Security Engineering with a proven track record that spans Infrastructure, Application Security, and Blockchain/DeFi
• Hands-on experience with cryptographic primitives (Elliptic Curve, Schnorr, Merkle Trees) and a fundamental understanding of Layer 2 scaling (Lightning Network)
• High proficiency in Python, Rust or Go. You should be capable of auditing systems-level code for memory safety, race conditions, and cryptographic flaws
• A history of identifying vulnerabilities in decentralized protocols or high-scale distributed systems. You think three steps ahead of the attacker
• Understanding of how to apply traditional frameworks (NIST, OWASP) to the non-traditional world of decentralized finance and self-custody
• A CS degree is ideal, but we also value contributions to open-source security tools or a history of disclosed vulnerabilities in the crypto space
• Ability to translate complex cryptographic risks into actionable engineering requirements for non-security peers

Company Overview

Company H1B Sponsorship