The CoinDCX Journey: Building Tomorrow, today
At CoinDCX, we believe CHANGE STARTS TOGETHER. You are the driving force that will help us make Web3 accessible to all.
In the last six years, we have skyrocketed from being India's first crypto unicorn to carrying a community of over 125 million with us. To continue maximising the adoption and acceleration of Web3, we are now focused on developing cutting-edge products, addressing accessibility and security challenges, and bridging the gap between people and Web3 technologies.
While we go ahead and keep dominating the Web3 world, we would like to HODL you on our team! Join our team of passionate innovators who are breaking barriers and building the future of Web3. Together, we will make the complex simple, the inaccessible accessible, and the impossible possible. Boost your innovation to an ALL TIME HIGH with us!
Role Overview:
The Head of Security Engineering & Architecture is a crucial senior leadership position entrusted with the comprehensive responsibility for establishing, developing, and expanding the organization's security architecture, engineering frameworks, requisite technologies, and the secure-by-design strategic imperative. This leader will be instrumental in governing security across cloud environments, infrastructure, application portfolios, data assets, identity management, and nascent technologies, concurrently fostering business agility through the implementation of resilient, scalable, and contemporary security paradigms.
The preferred candidate must possess profound technical acumen, a proven history of managing high-performing teams, and the capacity to effectively influence executive leadership, engineering professionals, and product management stakeholders. They shall serve as the custodian of the enterprise security architecture roadmap, ensuring the consistent adoption of stringent security controls by engineering teams throughout the Software Development Life Cycle (SDLC).
You need to be a HODLer of these:
- 12+ years of experience in information security, with a minimum of 5-7 years in a leadership role overseeing security architecture or engineering teams.
- One or more industry certifications such as CISA, CISSP, CISM, CCSP, etc.
- Strong business acumen, be able to understand business needs and advise stakeholders on appropriate security solutions
- Good understanding of techniques and patterns for secure integration with external partners and service providers
- Core Competencies (Strong hands-on understanding required):
- Cloud security across major platforms (AWS, GCP).
- Application and API security, including secure Software Development Lifecycle (SDLC) methodologies
- Container and orchestration security (Kubernetes).
- Identity and Access Management (IAM), Privileged Access Management (PAM), and modern identity protocols (OAuth2, OIDC, SAML).
- Infrastructure and network security principles.
- Data security practices, including Data Loss Prevention (DLP), encryption, key management, and tokenization.
- Proven experience with large-scale distributed systems, high-availability infrastructure, and modern software engineering practices.
- Leadership & Business Skills:
- Proven capability in establishing and guiding security architecture and engineering teams.
- Extensive experience collaborating with C-suite executives, engineering leadership, and enterprise architects.
- Demonstrated ability to judiciously balance competing factors, including risk, user experience, financial cost, and business speed.
- Exceptional communication and persuasive skills.
- Preferred Experience:
- Understanding of cryptocurrency exchange operations, crypto security and secure key management best practices
- Security consulting and/or audit experience
- Hands-on engineering experience building custom security tools, automation platforms, or experience of DevOps
- Background in financial services, fintech, or cryptocurrency/blockchain security
- Advanced knowledge regarding common attacks, attack methods, and defense architectures.
- Experience with Information Security policies and procedure development and implementation
- Experience developing technical documentation, including reports and remediation plans
- Experience working in regulated industries and knowledge of regulatory frameworks specific to financial services and digital assets will be a plus
- Broader architecture and engineering experience from previous roles
- Success Metrics:
- Substantial reduction in architectural risks and the incidence of high-severity vulnerabilities.
- Demonstrable increase in the consistent adoption of secure design patterns throughout all engineering teams.
- Achievement of faster, seamless, and secure application delivery pipelines.
- Quantifiable improvements across key security domains, including cloud security posture, runtime security, and security observability.
- Attainment of favorable audit and regulatory outcomes, leading to a diminished post-audit remediation burden.
You will be mining through these tasks:
- Partner with product and engineering leaders and their teams on cross-functional initiatives to improve the safety of our infrastructure and development platforms
- Collaborate with product teams on new product/features design, use of emerging technologies/AI and ensure security is considered from the start
- Development of security architecture requirements and implementation guidance based on NIST and/or other security control frameworks
- Lead the development and implementation of security requirements, architectures, and documentation to ensure security controls are seamlessly integrated into new technology deployments
- Architect, design, implement, maintain, and operate information system security controls and countermeasures
- Experience in securing cloud services and APIs
- Lead regular architecture and design reviews to ensure implementation in line with established standards
- Evaluate life-cycle management of security technologies and tooling in use within the organisation and suggest ongoing improvements/change as needed
- Identify security risks and control gaps within systems, designs, products, data flows, and processes; and recommend corrective architecture, integrations, controls, and operations
- Perform secure architecture and design reviews of new technology and security systems deployments, and collaborate with business teams to integrate secure-by-design principles into engineering projects and builds
- Coach direct reports to have a positive impact on the organization and ensure embedding of security best practices as part of new design/changes
- Collaborate with engineers, managers, the wider information security teams and program managers to drive security controls within the product and security roadmap
- Support teams in making diligent architectural, security design and operational decisions
- Serve as a senior advisor to the CISO, CTO, CIO, and engineering leadership.
- Establish a secure-by-default culture throughout all development and infrastructure domains.
- Security Architecture:
- Establish and maintain enterprise security architecture frameworks, including SABSA, NIST, CSA, and Zero Trust.
- Evaluate and sanction architectural designs for cloud environments, applications, networks, data platforms, and third-party integrations.
- Lead the implementation of Zero Trust principles, micro-segmentation, and identity-centric security designs.
- Develop comprehensive and reusable security reference architectures, guardrails, and standardized design patterns.
- Security Engineering:
- Oversee the engineering and implementation of security controls, specialized tooling, and automation solutions across the technology stack.
- Recommend the right tools and strategies to ensure the security of endpoint systems, the perimeter, and safe access to and use of business applications.
- Lead the deployment, scaling, and optimization of critical security domains, including:
- Identity and Access Management (IAM) and Privileged Access Management (PAM)
- Secrets management
- Data protection and encryption
- Cloud security posture management (CSPM)
- CI/CD security tooling
- Vulnerability management
- API security
- Container and Kubernetes security
- Incident Response & Threat Management:
- Partner with Threat Intelligence, Security Operations Center (SOC), and Incident Response (IR) teams to ensure that telemetry and security controls are effectively aligned with adversary Tactics, Techniques, and Procedures (TTPs).
- Direct post-incident architectural assessments and the formulation of long-term remediation and mitigation strategies.
- Incorporate contemporary detection engineering practices, runtime protection mechanisms, and advanced security analytics into the technology stack.
Are you the one? Our missing block
- You are knowledge-hungry when it comes to VDA and Web3, always eager to dive deeper and stay ahead in this evolving space.
- The world of Web3 and VDA excites you, fueling your curiosity and driving you to explore new opportunities within this dynamic landscape.
- You act like an owner, constantly striving for excellence, impact, and tangible results in everything you do.
- You embrace a We over Me mindset, growing individually while fostering the growth of those around you.
- Change is your catalyst, igniting your passion to build and innovate.
- You think outside the box, unbound by limitations or doubt, always pushing the boundaries of what's possible.
Perks That Empower You
Our benefits are designed to make a lasting impact on your life, giving you the freedom to create a work-life balance that truly suits you.
- Design Your Own Benefit: Tailor your perk package to fit your unique needs. Whether you're eyeing a new gadget or welcoming a furry friend into your life, our flexible benefits ensure that you can prioritize what matters most to you.
- Unlimited Wellness Leaves: We believe in the power of well-being. Take the time you need to recharge, knowing that your health is our priority. With unlimited wellness leaves, you can return refreshed, ready to build and grow.
- Mental Wellness Support: Your mental health is as important as your professional growth. Benefit from access to health experts, free counseling sessions, monthly wellness workshops, and regular team outings, all designed to help you stay balanced and connected.
- Bi-Weekly Learning Sessions: These sessions are more than just updates; they're opportunities to fuel your growth. Stay ahead with the latest industry knowledge, sharpen your skills, and accelerate your career in an ever-evolving landscape.