Senior Security Engineer, Application Security

About Us

Turnkey is developer-first infrastructure for private key management, making it simple to create wallets, sign transactions, and automate on-chain actions through one elegant API, without ever exposing sensitive key material. Founded by the team who scaled Coinbase Custody from zero to a $100M+ ARR business and helped protect over $100B in crypto assets, Turnkey is tackling crypto security at its foundational level. Our mission is to make strong cryptography the default across the open internet the same way AWS made scalable computing the default for software.

Our Team

Our team is low-ego, high-agency, and high-autonomy, with a significant amount of combined experience in cryptography, security, and low-level systems. We're building the trustless, programmable infrastructure that will power the next wave of mass-market crypto applications and we're looking for people who want to shape what that future looks like.

Role Overview

We are hiring a Senior Application Security Engineer to join Turnkey's team and help ensure our systems, pipelines, and runtime environments are secure by design and resilient at scale. You'll embed directly with product and infrastructure engineering teams, shaping how security is integrated into every aspect of our architecture. This is a hands-on, builder role ideal for someone who enjoys building secure systems from the ground up.

What You’ll Do

You will partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely, including:

• Participating in the implementation efforts
• Doing security reviews
• Helping with product design decisions
• Auditing and surfacing vulnerabilities in our current products
• Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions.
• Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy
• Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default
• Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence
• Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems