Principal Security Architect at Copper

The Principal Security Architect serves as the senior technical authority for security architecture, reporting to the CISO and partnering closely with Engineering. This role sets architectural direction, reviews and approves designs for major changes, and acts as the firm's reference point on the security of systems, protocols, and integrations. The focus is predominantly on architecture and assurance, with limited hands-on solution design in the cloud and integration space where reference patterns are needed.

Responsibilities

Architectural Authority

  • Hold formal security sign-off authority for major changes to platforms, infrastructure, and integrations.
  • Shape and maintain security architecture patterns, principles, and reference designs for engineering teams.
  • Provide the senior technical security position in architectural and business decisions, including managing escalations where security and delivery pressures conflict.

Custody, Signing, and Cryptographic Architecture

  • Provide architectural security leadership over signing infrastructure, covering people, process, and operational design around MPC-based signing.
  • Review and approve changes to transaction construction, signing flows, approval policy, and key lifecycle operations.
  • Provide architectural assurance over chain-of-trust constructs adjacent to custody, including verifiable build pipelines, hardware-backed code signing, and authenticator-bound administrative paths.

Multi-chain and Integration Security

  • Reason at architectural depth across supported blockchains, including EVM, UTXO, and account-based non-EVM families.
  • Assess third-party smart contract architectures, implementations, and audit reports to understand exploit and risk surfaces.
  • Review first-party integrations with partner networks, including staking and on-chain participation, to form a defensible security position on operational and contract risk.

Identity and Access Architecture

  • Own identity and access architecture as a dedicated pillar of the role.
  • Set patterns for workforce, workload, and third-party identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators.
  • Govern entitlement design, privileged access, and access models for contractors, vendors, and external operators.

Cloud and Platform Security

  • Maintain architectural fluency in both AWS and Azure, including network topology, segmentation, secrets handling, and platform telemetry.
  • Produce reference patterns and direct integration designs in the cloud and platform space.

Risk and Assurance

  • Lead technical security reviews of vendors, integrated venues, and protocols.
  • Support client and counterparty due diligence on technical specifications.
  • Translate architectural decisions into language for Compliance and GRC teams.
  • Contribute to security policy, standards, and control framework development.

Requirements

Essential Skills and Experience

  • Multi-chain Architectural Literacy: Ability to reason across EVM, UTXO, and non-EVM chains regarding transaction construction, signing, and consensus models.
  • Custody and Signing Architecture: Strong conceptual grasp of threshold signing, signature schemes, and key lifecycle management.
  • Settlement and Collateral Architecture: Experience reasoning about trust boundaries between custodians, venues, and clients.
  • Identity and Access Architecture: Senior-level experience designing and governing identity across Entra ID, federated SSO, OAuth2 / OIDC, and SAML.
  • Cloud Security: Working architectural understanding of AWS and Azure.
  • Architectural Authority: Proven track record of holding sign-off on significant designs and owning residual risk.
  • Communication: Ability to operate credibly with engineers, senior business stakeholders, auditors, and regulators.

Preferred Qualifications

  • Familiarity with chain-of-trust constructs including verifiable builds and hardware-backed code signing.
  • Awareness of the regulatory landscape for digital asset custody (e.g., FCA, FINMA, FSRA / ADGM, MiCA).
  • Compliance familiarity across ISO 27001, SOC 2, and NIST CSF / 800-53.
  • Enterprise architecture grounding (TOGAF, SABSA).

Benefits

  • Paid Time Off: Minimum of 35 days per year (inclusive of public holidays), plus one additional day for each year of service.
  • Medical Insurance: Comprehensive coverage including dental, optical, audiology, and mental health.
  • Life Insurance: Included as part of the standard package.
  • Pension: Enhanced employer matching contributions.
  • Support: 24/7 Employee Assistance Programme (EAP).

Interview Process

  1. Initial Screening: A conversation with the Talent Acquisition team regarding background and motivations.
  2. Technical Interview: A virtual session with team members to discuss skills, problem-solving, and technical experience.
  3. In-Person Interview: A final session focused on team dynamics, collaboration style, and leadership.

Required Skills

  • Azure AD / Entra ID
  • SAML
  • OAuth 2.0
  • OpenID Connect (OIDC)
  • Lifecycle Management
  • NIST
  • AWS
  • Azure

Benefits Summary

  • Flexible PTO
  • Health insurance
  • Life insurance
  • Dental & vision
  • Pension contribution
Job Details

  • Location: London, UK
  • Job Type: Full Time
  • Work Mode: Hybrid
  • Experience: Senior Level
  • Posted: Jun 15, 2026