Engineering Manager, Product Security

About the role

The Product Security team is responsible for keeping Paxos' cloud-native platform secure, resilient, and compliant as we scale. We partner closely across all engineering teams to design, build, and operate secure-by-default applications in Kubernetes that power mission-critical payments, stablecoin, and brokerage products. The team owns core security capabilities of our platform like identity and access management in AWS, network segmentation, secrets management, inner-service communication, vulnerability management, and code scanning (SAST and DAST). As the Engineering Manager, Product Security at Paxos, you will lead a team of security engineers responsible for securing our AWS and Kubernetes infrastructure end-to-end and ensuring applications are built and maintained safely. You'll combine deep hands-on security engineering experience with strong people leadership to design secure cloud and application defaults, harden critical services, and build automated guardrails that enable product teams to move fast safely. You will drive the technical direction for cloud and application security,lead high-pressure incident response when needed, and grow a high-performing team that treats "security as an enabler," not a bottleneck.

Responsibilities

• Lead, coach, and develop a team of cloud and application security engineers, including setting clear goals, providing ongoing feedback, and running performance reviews.
• Own the security posture of our cloud environment, including AWS account topology, access management, inner-service communication, network segmentation, and ongoing monitoring (e.g., Cloud Posture tools)
• Partner across the engineering and security organization to embed security into application designs, CI/CD pipelines, and influence roadmaps of other teams.
• Establish and scale automated guardrails for infrastructure as code/policy as code, SAST, and DAST to reduce manual toil.
• Act as Incident Commander for high-severity security incidents and vulnerabilities, coordinating technical response, stakeholder communication, and post-incident reviews.
• Collaborate with Compliance, Risk, and Legal to maintain and improve our security posture relative to frameworks like NIST, and to support customer and regulator inquiries.
• Partner with leadership on headcount planning, hiring, and organizational design to ensure the Platform Security team scales with the business.
• Champion a culture of security across Paxos through education, documentation, and close collaboration, helping teams ship secure systems quickly and confidently.
• About you
• 8+ years of engineering experience (software, infrastructure, or security), including time as an individual contributor security engineer working on cloud or application security.
• At least 2-3 years of experience as an engineering manager, leading and developing security teams.
• Proven experience leading security of production AWS environments at scale, including AWS Organizations, IAM, SCPs, Transit Gateways, WAFs, and logging/monitoring.
• Hands-on experience deploying secure applications to multi-cluster Kubernetes environments (e.g., network policies, admission controllers, service mesh, secrets management, runtime hardening).
• Strong fluency of SSDLC lifecycle, from design to threat modeling to deployment with a bias on possible automation at every step of the way (Terraform/CDK, Policy-as-Code, SAST, DAST, AI-based penetration testing, etc).
• Deep understanding of security architecture concepts, including Zero Trust, mTLS, access management, least privilege, OWASP and application and cloud hardening best practices.
• Demonstrated experience leading incident response as an Incident Commander for major vulnerabilities or breaches, including coordinating cross-functional teams under pressure.
• Proficiency in headcount planning, performance reviews, and mentorship, with a clear and thoughtful leadership philosophy you can articulate with examples.
• Excellent communication skills, with the ability to explain complex security risks and trade-offs to both deeply technical engineers and non-technical stakeholders.
• Disclaimer: The first week of employment will be conducted in person at our New York City headquarters . By applying to this role, you acknowledge and agree that you will be able to travel to and work from our New York City office for onboarding during this period.
• Important Notice for Paxos Applicants
• We've become aw

Additional Information

About Paxos Today's financial infrastructure is archaic, expensive, inefficient and risky - supporting a system that leaves out more people than it lets in. So we're rebuilding it. We're on a mission to open the world's financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way. For over a decade, we've built blockchain infrastructure that tokenizes, custodies, trades and settles assets for the world's leading financial institutions, like Mastercard, Visa, Robinhood, and PayPal.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at paxos? Share your experience