
Senior Product Security Engineer
Build a Safer World.
TRM Labs provides blockchain analytics and AI solutions to help law enforcement and national security agencies, financial institutions, and cryptocurrency businesses detect, investigate, and disrupt crypto-related fraud and financial crime. TRM’s blockchain intelligence and AI platforms include solutions to trace the source and destination of funds, identify illicit activity, build cases, and construct an operating picture of threats. TRM is trusted by leading agencies and businesses worldwide who rely on TRM to enable a safer, more secure world for all.
The Security team is responsible for and committed to securing all things at TRM. From our customers to our code, and everything in between, the security team is involved in all aspects of the business. We are looking for an Application Security Engineer to build mission-critical infrastructure that ensures the highest levels of availability, performance, and application security at TRM for products as built and deployed. From designing the technical strategy to company-wide best practices and implementation, you’ll work closely with engineering and engineering leadership to ensure TRM’s products are safe and secure.
The impact you’ll have here:
- Lead application security reviews and threat modeling, including secure code review, architectural design, and testing.
- Develop automated testing and mature our Secure SDLC.
- Own and perform application security vulnerability management.
- Coordinate penetration testing engagements.
- Support software engineers and product teams by developing application security best practices.
- Develop and maintain the bug bounty program.
- Bootstrap platform security initiatives that help protect TRM data.
- Inspire a culture of security across the engineering organization by fostering security champions within engineering teams and coordinating secure code training.
What we’re looking for:
- Minimum 8 years of experience in Software Development and testing.
- BS (or equivalent) in Computer Science, Computer Engineering, or related field.
- Proficiency in software development languages: Python, NodeJS, React
- Strong understanding of encryption, authentication, and authorization protocols
- Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies, and using common security tooling for testing.
- Professional experience with open source, commercial, or native security solutions for cloud providers such as GCP and AWS. Experience with modern secure software development lifecycles, threat modeling, and best practices.
- Experience with conducting efficient and comprehensive code security reviews on a daily or weekly basis
- Experience triaging and remediating vulnerabilities in software packages or libraries
- Experience with Software Security tools such as GitHub Advanced Security or other SAST, DAST, and SCA tools
- Experience with Web application testing frameworks such as Burp Suite, OWASP ZAP, etc.
- Experience with Threat modeling tools such as OWASP Threat Dragon, etc.
- Experience working in a previous agile-based software development role required
- Experience Red Teaming or penetration testing applications and infrastructure
- Professional experience with cloud providers (e.g., GCP and AWS), modern secure software development lifecycles, and best practices.
- Strong written and verbal communication skills.
- Security certifications such as OSCP, CEH, GWAPT are a plus.
- Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus
About the Team:
- The culture of our team is built on mutual respect, where everyone's opinion is valued and heard.
- We prioritize flexibility and efficiency, always seeking smarter ways to work without compromising quality.
- Transparency is at the heart of how we operate, both within the team and with the business, as we focus on clearly communicating and addressing cyber risks.
- Our collaborative approach ensures that we not only mitigate these risks but also align our efforts with business goals to protect and drive success.
Team’s Time Zones:
- Eastern Standard Time (EST - GMT-4)
- Pacific Standard Time (PST - GMT-7)
- Central European Summer Time (CET - GMT+2)
Learn about TRM Speed in this position:
- Prioritize Rapid Threat Assessments: Efficiently perform security risk assessments and triage vulnerabilities based on immediate risk to the business, focusing on the most critical issues with minimal delays.
- Integrate Security Early in Development: Embed security testing and reviews within our Product Shipping Framework and CI/CD pipelines to ensure that security is automated and runs parallel to the fast-paced development cycle, preventing bottlenecks.
- Proactively Educate Developers: Conduct just-in-time security training for developers and engineers, offering real-time advice and code reviews to help them produce secure code without interrupting their workflow.
- Optimize Tools for Speed: Leverage lightweight and efficient security tools that can be quickly integrated into development environments without slowing down deployments, ensuring continuous and secure product iterations.
About TRM's Engineering Levels:
Engineer: Responsible for helping to define project milestones and executing small decisions independently with the appropriate tradeoffs between simplicity, readability, and performance. Provides mentorship to junior engineers, and enhances operational excellence through tech debt reduction and knowledge sharing.
Senior Engineer: Successfully designs and documents system improvements and features for an OKR/project from the ground up. Consistently delivers efficient and reusable systems, optimizes team throughput with appropriate tradeoffs, mentors team members, and enhances cross-team collaboration through documentation and knowledge sharing.
Staff Engineer: Drives scoping and execution of one or more OKRs/projects that impact multiple teams. Partners with stakeholders to set the team vision and technical roadmaps for one or more products. Is a role model and mentor to the entire engineering organization. Ensures system health and quality with operational reviews, testing strategies, and monitoring rigor.
The following represents the expected range of compensation for this role:
- Individual pay is determined by skills, qualifications, experience, and location. The compensation details listed in this posting reflect the US base salary only.
- The estimated base salary range for this role is $215,000 - $230,000.
- Additionally, this role may be eligible to participate in TRM’s equity plan.
- Please note – we factor in the different costs for geographies outside the United States.
Life at TRM
We are building a safer world. That promise shows up in how we work every day.
TRM runs fast. Really fast. We’re a high‑velocity, high‑ownership team that expects clarity, follow‑through, and impact. People who thrive here are energized by hard problems, experimentation, and direct feedback. If something takes months elsewhere, it often ships here in days.
That pace isn’t for everyone. If you are optimizing primarily for consistent work-life balance, use the interview process to pressure-test fit. We want teammates who thrive here, not just survive here.
AI Fluency at TRM
AI fluency is a baseline expectation at TRM.
We believe AI meaningfully changes how top performers operate. We expect every team member to use AI to accelerate and reimagine their craft, not just automate surface tasks.
At TRM, AI fluency means you are among the top 10 percent of operators in your function in how you apply AI to:
- Accelerate repeatable workflows
- Structure and solve problems
- Improve output quality
- Increase speed and leverage
You will be evaluated on applied AI fluency during the interview process.
Leadership Principles
We hire and grow against three leadership principles. They’re the standards for how we operate, treat each other, and make decisions.
- Impact-Oriented Trailblazer: We put customers first and move with speed, focus, and adaptability. We treat every plan like an experiment – test, ship, measure, and iterate quickly.
- Master Craftsperson: We care deeply about our craft. We balance speed with high standards, own outcomes end‑to‑end, and invest in getting better every day.
- Inspiring Colleague: We add clarity and energy, not noise. We bring humility, candor, and a one‑team mindset — giving and receiving feedback to make the team stronger.
Learn more: Interviewing at TRM: How We Hire and What Success Looks Like
The impact you will have
This work has real stakes. Depending on your role at TRM, your week might look like:
- Driving critical investigations that can’t wait for typical business hours.
- Shipping products in days when others would schedule quarters.
- Partnering with teams across time zones to deliver insights while the story is still unfolding.
- Building new solutions from first principles when the playbook doesn’t yet exist.
- Protecting victims and customers by tracing illicit activity and disrupting criminal networks.
Join our Mission
At TRM we care deeply about our craft. We are looking for individuals who want their work to matter, who experiment with speed and rigor, and who take pride in building a safer world for billions of people. If you’re excited by TRM’s mission but don’t check every box, we encourage you to apply — we hire for slope, judgment, and the will to learn fast.
TRM is a Series C company with $220M in total funding, backed by Blockchain Capital, Goldman Sachs, Bessemer, Y Combinator, Thoma Bravo, and others. Headquartered in San Francisco, TRM operates as a distributed-first company with hubs in Los Angeles, San Francisco, New York, Washington D.C., London, and Singapore.
Recruitment agencies
TRM Labs does not accept unsolicited agency resumes. Please do not forward resumes to TRM employees. TRM Labs is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company without a signed agreement.
Privacy Policy
By submitting your application, you are agreeing to allow TRM to process your personal information in accordance with the TRM Privacy Policy.