Job Details

Join Coinbase's Security Team

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our work culture is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. At Coinbase, we view security as one of our core product features. As part of this role, you would be joining the dedicated Security team supporting our Institutional business lines and helping to create a secure user experience for our customers. You will support operations for some of our core security processes, as well as partnering closely with our product partners and other core teams to help design product features that will maximize security without adding unnecessary friction. As part of this role, you'll work closely with product engineers, cryptography engineers, and other technical teams, so a deep understanding of backend systems will be a significant benefit in this role. The Institutional business at Coinbase is evolving rapidly, making this a great opportunity to be a part of furthering Coinbase's mission of being the Most Trusted crypto company.

Job Duties

Lead and develop the comprehensive information security strategy and program as the foundational security leader supporting the local entity CEO. Design, implement, and manage security threat modeling, penetration testing, secure cryptographic key management, and data separation initiatives. Security leader of a small team of security specialists whose team will grow with the business. Architect and deploy technical security infrastructure and controls to protect critical business assets and meet regulatory compliance requirements. Lead engineering build activities for custom security tools, monitoring systems, and automated security controls tailored to business requirements. Fully build and own all local security controls within the entity, ensuring comprehensive coverage of security functions from the ground up. Conduct security analysis of software code, applications, and systems to identify vulnerabilities and implement remediation strategies. Manage security operations and incident response procedures, including crisis communication and board-level reporting during security events. Lead M&A due diligence activities to assess security risks and threat surfaces of potential acquisition targets. Define and execute integration strategies for acquired companies, ensuring seamless security alignment and risk mitigation. Evaluate and determine which security functions require in-house capabilities versus outsourced solutions to meet local regulatory and business needs. Develop and maintain security policies, risk management frameworks, and compliance documentation aligned with industry best practices and regulatory requirements.

Job Requirements

Proven expertise as a hands-on security practitioner with deep specialization in at least one of: penetration testing, software engineering, security architecture, or secure product development. Strong software engineering background with ability to read, analyze, and perform security assessments of complex codebases. Demonstrated experience designing and implementing technical security infrastructure, controls, and architectures at scale. Leadership experience building and managing security teams, with ability to scale from individual contributor to management. Security operations and incident response expertise, including crisis management and communication during security events. Executive-level communication skills with ability to present security strategy and risk assessments to board members and C-suite executives. Experience working in highly regulated industries with complex compliance requirements and regulatory frameworks. Strong technical understanding of backend engineering architectures, cloud security, and modern application security principles. Technical capability to evaluate when to insource or integrate security capabilities to strengthen and address organizational security needs. Experience evaluating and determining which security functions require in-house capabilities versus outsourced solutions to meet regulatory and business needs.

Nice to haves:

• Knowledge of cryptography, multi-party computation, and secure key management best practices
• Advanced penetration testing certifications such as OSCP, OSCE, GPEN, or similar hands-on security certifications
• Hands-on engineering experience building custom security tools, automation platforms, and infrastructure-as-code implementations
• Background in financial services, fintech, or cryptocurrency/blockchain security
• Master's degree in Information Security, Computer Science, Engineering, or related technical field
• Experience with security analytics platforms and threat hunting capabilities for data-driven security decision making
• Previous BISO, CISO, or senior security leadership experience in high-growth technology companies
• Knowledge of regulatory frameworks specific to financial services and digital assets
• Product security experience integrating security controls into software development lifecycles and designing security features for product engineering teams
• Experience evaluating companies and merging security programs through acquisition or partnership activities