Principal Security Engineer, Privy
External, Full-time, On-site, 1mo ago
Application Security, Blockchain, CI/CD, Compliance, Cryptography, Documentation
About the role
About Privy
Our mission is to make privacy and user ownership the default online. We build simple, flexible developer tooling that makes it easy to build products that put users first. By leveraging modern cryptography, we shift the status quo around digital ownership and protect the accounts and assets of millions of users.
Learn more about Privy: Privy and Stripe: Bringing crypto to everyone
Responsibilities
- Lead security architecture reviews for embedded wallet systems, authentication flows, key management infrastructure, transaction signing systems, crypto custody-adjacent services, and developer-facing APIs.
- Conduct advanced threat modeling for web, mobile, cloud, wallet, blockchain, and cryptographic systems.
- Identify, validate, prioritize, and drive remediation of vulnerabilities across applications, infrastructure, APIs, CI/CD pipelines, third-party integrations, and production services.
- Design and implement scalable security controls, automation, detection, alerting, and monitoring to reduce risk across engineering teams.
- Lead or support incident response, security investigations, root-cause analysis, containment, remediation, and post-incident hardening.
- Evaluate security implications of new product launches, infrastructure changes, vendor integrations, cryptographic designs, and authentication mechanisms.
- Develop security standards, secure engineering guidance, review processes, and technical documentation for engineering teams.
- Partner with engineering leadership to embed security into design, development, deployment, and operational workflows.
- Manage and triage external vulnerability reports, responsible disclosure submissions, penetration test findings, bug bounty reports, and third-party security assessments.
- Perform hands-on vulnerability research and proof-of-concept validation for complex application, protocol, authentication, authorization, cloud, and blockchain-related security issues.
- Mentor engineers and security team members on secure design, exploitability analysis, vulnerability remediation, and risk-based prioritization.
- Stay current on emerging threats affecting crypto infrastructure, fintech, cloud platforms, web application frameworks, supply-
Requirements
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- 10 years of professional experience in software security, application security, product security, infrastructure security, security engineering, vulnerability research, incident response, or closely related technical security roles.
- Experience must include substantial hands-on work securing production software systems, cloud infrastructure, web applications, APIs, authentication systems, or financial technology platforms.
- Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Information Security, Cybersecurity, Software Engineering, Electrical Engineering, Mathematics, or a closely related technical field. Foreign equivalent degrees are acceptable.
- Security architecture and threat modeling for complex software systems.
- Application security, including web application vulnerabilities, API security, authentication, authorization, session management, input validation, injection flaws, insecure deserialization, SSRF, XSS, CSRF, access control failures, and business logic vulner
Benefits
- Paid time off
- Flexible schedule
- Performance bonus