About Paxos
Today’s financial infrastructure is archaic, expensive, inefficient and risky — supporting a system that leaves out more people than it lets in. So we’re rebuilding it.
We’re on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way. For over a decade, we’ve built blockchain infrastructure that tokenizes, custodies, trades and settles assets for the world’s leading financial institutions, like Mastercard, Visa, Robinhood, and PayPal.
About the team
The Security team is a specialized, deeply technical, and vigilant group tasked with protecting our digital assets, customer funds, and sensitive data against a sophisticated threat landscape. The team has many pillars, such as Application and Blockchain Security, Cloud Security, Security Operations, GRC, and IT.
About the role
As an Application Security Engineer, you will be a key guardian of our financial and blockchain ecosystem, ensuring that the code we ship and run is secure by design. You will act as a "Breaker" by identifying complex vulnerabilities and a "Builder" by engineering automated solutions that empower our developers to move fast without compromising security. This role sits at the unique intersection of traditional Fintech and emerging Web3 technologies.
What you’ll do
- Perform deep-dive security reviews of web applications, APIs, and cloud infrastructure.
- Develop security-focused tools and libraries in Go, Java, or Ruby to assist developers in writing secure code.
- Support our blockchain initiatives by identifying risks in L1/L2 integrations and smart contract interactions.
- Manage and tune Web Application Firewalls (WAF) and cloud-native security controls.
- Contribute to the security culture through developer training and participating in incident response when necessary.
- Build and maintain the tooling that integrates security into our development lifecycle, moving from manual reviews to automated, scalable guardrails.
