Engineering Manager, Product Security

Department: Engineering & Data

Location: Remote - United States, Remote - Canada

Compensation: $241,000 – $275,925 • Offers Equity • Offers Bonus • 15% Annual Salary

Employment Type: FullTime

About Paxos

Today’s financial infrastructure is archaic, expensive, inefficient and risky — supporting a system that leaves out more people than it lets in. So we’re rebuilding it.

We’re on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way. For over a decade, we’ve built blockchain infrastructure that tokenizes, custodies, trades and settles assets for the world’s leading financial institutions, like Mastercard, Visa, Robinhood, and PayPal.

About the team

The Product Security team is responsible for keeping Paxos’ cloud-native platform secure, resilient, and compliant as we scale. We partner closely across all engineering teams to design, build, and operate secure-by-default applications in Kubernetes that power mission-critical payments, stablecoin, and brokerage products. The team owns core security capabilities of our platform like identity and access management in AWS, network segmentation, secrets management, inner-service communication, vulnerability management, and code scanning (SAST and DAST).

About the role

As the Engineering Manager, Product Security at Paxos, you will lead a team of security engineers responsible for securing our AWS and Kubernetes infrastructure end-to-end and ensuring applications are built and maintained safely. You’ll combine deep hands-on security engineering experience with strong people leadership to design secure cloud and application defaults, harden critical services, and build automated guardrails that enable product teams to move fast safely. You will drive the technical direction for cloud and application security,lead high-pressure incident response when needed, and grow a high-performing team that treats “security as an enabler,” not a bottleneck.

What you’ll do

• Lead, coach, and develop a team of cloud and application security engineers, including setting clear goals, providing ongoing feedback, and running performance reviews.

• Own the security posture of our cloud environment, including AWS account topology, access management, inner-service communication, network segmentation, and ongoing monitoring (e.g., Cloud Posture tools)

• Partner across the engineering and security organization to embed security into application designs, CI/CD pipelines, and influence roadmaps of other teams.

• Establish and scale automated guardrails for infrastructure as code/policy as code, SAST, and DAST to reduce manual toil.

• Act as Incident Commander for high-severity security incidents and vulnerabilities, coordinating technical response, stakeholder communication, and post-incident reviews.

• Collaborate with Compliance, Risk, and Legal to maintain and improve our security posture relative to frameworks like NIST, and to support customer and regulator inquiries.

• Partner with leadership on headcount planning, hiring, and organizational design to ensure the Platform Security team scales with the business.

• Champion a culture of security across Paxos through education, documentation, and close collaboration, helping teams ship secure systems quickly and confidently.

About you

• 8+ years of engineering experience (software, infrastructure, or security), including time as an individual contributor security engineer working on cloud or application security.

• At least 2–3 years of experience as an engineering manager, leading and developing security teams.

• Proven experience leading security of production AWS environments at scale, including AWS Organizations, IAM, SCPs, Transit Gateways, WAFs, and logging/monitoring.

• Hands-on experience deploying secure applications to multi-cluster Kubernetes environments (e.g., network policies, admission controllers, service mesh, secrets management, runtime hardening).

• Strong fluency of SSDLC lifecycle, from design to threat modeling to deployment with a bias on possible automation at every step of the way (Terraform/CDK, Policy-as-Code, SAST, DAST, AI-based penetration testing, etc).

• Deep understanding of security architecture concepts, including Zero Trust, mTLS, access management, least privilege, OWASP and application and cloud hardening best practices.

• Demonstrated experience leading incident response as an Incident Commander for major vulnerabilities or breaches, including coordinating cross-functional teams under pressure.

• Proficiency in headcount planning, performance reviews, and mentorship, with a clear and thoughtful leadership philosophy you can articulate with examples.

• Excellent communication skills, with the ability to explain complex security risks and trade-offs to both deeply technical engineers and non-technical stakeholders.

Disclaimer: The first week of employment will be conducted in person at our New York City headquarters. By applying to this role, you acknowledge and agree that you will be able to travel to and work from our New York City office for onboarding during this period.

Important Notice for Paxos Applicants

We’ve become aware of fraudulent accounts posting as Paxos recruiters on LinkedIn and other platforms. These scammers attempt to deceive applicants into paying for job opportunities or providing personal financial information.

To verify a legitimate Paxos recruiter:

• We only use @paxos.com email addresses

• We never ask for payment or financial details to apply, interview, or work here

• For technical roles, we do not perform a coding interview without prior screening by our engineering team

Thanks for your interest in Paxos!