Senior Security Engineer, Corporate Security
About Us
Turnkey builds secure, developer-first infrastructure for private key management, making it simple to create wallets, sign transactions, and automate on-chain actions through one elegant API – without ever exposing sensitive key material. Our mission is to secure the open internet by making strong cryptography and key management the default. Turnkey was founded by the team behind Coinbase Custody – the world’s largest and most secure crypto custodian – whose work has helped protect over $100B in crypto across the industry. Turnkey's team is low-ego, high-agency, and high-autonomy with more than 100 years of combined experience in cryptography, security, and low-level systems, building reliable infrastructure used at scale. Role Overview We are hiring a Senior Corporate Security Engineer to own and scale the security of Turnkey's corporate infrastructure. This is a foundational role - you'll be the first dedicated corporate security hire, working diectly with the security lead to build enterprise security capabilities from the ground up. In this role, you’ll protect Turnkey’s people, endpoints, SaaS, identity systems, and internal infrastructure, securing our distributed workforce while enabling the team to move quickly without compromising safety. Sitting at the intersection of security engineering, IT operations, and risk management, you’ll design and build security controls that are both robust and user-friendly, ensuring the company remains secure as it scales What You’ll Do
- Build & Secure Corporate Infrastructure
- Design, implement, and manage security for endpoints and distributed systems; deploy and operate our security stack (MDM, EDR/XDR, ZTNA, SSO); enforce zero-trust principles, least-privilege access, and hardening standards
- Drive Security Initiatives & Risk Reduction
- Lead initiatives around endpoint hardening, access controls, and vendor risk; conduct security design reviews, risk assessments, and vulnerability remediation; develop and enforce security policies and best practices.
- Detection, Response & Automation
- Respond to security incidents with urgency and technical depth; collaborate on detection rules, alerts, and monitoring; automate workflows and create runbooks and playbooks to scale security operations efficiently.
- Foster Security Culture & Education
- Evangelize security best practices, build awareness programs, and partner with teams to embed “secure by default” principles into workflows; serve as a trusted security advisor across the organization.
What We're Looking For
- 5+ years of experience in corporate and/or enterprise security, IT security, or endpoint security engineering
- Hands-on experience with:
- MDM Platforms (JAMF, Kandji, Intune, or similar)
- EDR/XDR solutions (Cloudstrike, SentinelOne, Microsoft Defender, etc.)
- Identity and Access Management (Okta, Azure AD/Entra ID, etc.)
- Authentication Protocols (SAML, OAuth, OIDC, SCIM, etc.)
- Zero-trust principles (device trust, conditional access, least-privilege models)
- Cloud security experience (AWS, GCP)
- macOS security expertise (architecture, hardening, and fleet management)
- Security-first mindset with practical knowledge of defense-in-depth and risk-based security
Style Points
- Crypto/web3 or FinTech experience
- Detection/response experience: SIEM, log analysis, threat hunting, or SOC operations
- Knowledge of modern threat landscape: Adversary TTPs, phishing, insider threats, etc.
- Security compliance experience: SOC 2, ISO 27001, or similar frameworks
What We Offer
- Full benefits, including medical, dental, vision, life, disability, HSA/FSA, 401(k) - detailed benefits overview available as we get further in the process
- Paid parental leave
- Unlimited PTO (and we will force you to take time off!)
- $3,000/yr learning and development budget to attend industry conferences
- Multiple team offsites per year
- Macbook Pro laptop
- Lunch stipend (for those physically in the New York City office)
Apply tot his job Apply To this Job