Security Architect

Join Blockstream as a Security Architect to design and oversee secure systems for Bitcoin infrastructure. Ideal for experienced engineers with a strong backend focus and fintech or blockchain experience. Blockstream was founded in 2014 by Dr. Adam Back and a group of fellow cryptographers and engineers who are passionate about Bitcoin and its potential to change the world. Today, Blockstream is the leading Bitcoin company, providing cutting-edge infrastructure solutions for enterprises, institutions, and individual Bitcoin users. We develop industry-leading Bitcoin self-custody solutions, Bitcoin-based financial products, second-layer scaling technologies, and enterprise-grade blockchain infrastructure.

• •Define and drive security architecture across applications, services, and infrastructure.
• •Partner with engineering teams to design and implement secure software systems, focusing on backend and data security.
• •Conduct threat modeling, risk assessments, and security reviews for new and existing products.
• •Develop and enforce secure coding practices, frameworks, and review processes.
• •Collaborate with DevOps on cloud and container security, CI/CD hardening, and access controls.
• •Evaluate and integrate security tools for code scanning, vulnerability management, and incident response.
• •Guide and mentor engineers on best practices for secure application development.
• •Stay ahead of emerging security trends, compliance standards, and attack vectors — particularly in fintech and blockchain domains.

• •Experience with Bitcoin, Lightning, or blockchain protocols.
• •Contributions to open-source security tools or projects.
• •Security certifications (CISSP, OSCP, CEH, or equivalent) are a plus but not required.

• •10+ years of experience in software engineering or security architecture roles.
• •Strong full-stack background with deep backend security expertise (Python, Go, C/C++, Rust, or similar languages).
• •Demonstrated experience designing and securing systems for enterprise fintech, banking, or blockchain environments.
• •Knowledge of cryptography, authentication, and key management.
• •Hands-on experience with cloud security (AWS, GCP, or similar).
• •Familiarity with threat modeling, secure SDLC, and modern application security frameworks (OWASP, NIST, ISO 27001).
• •Excellent communication skills — able to clearly articulate risks and solutions to both technical and non-technical stakeholders.