A leading global cryptocurrency platform is seeking an experienced independent contractor to provide senior-level security engineering services. Operating since 2015, the company serves millions of users worldwide, enabling them to buy, sell, trade, earn, and learn about crypto through its web and mobile app, news platform, and educational resources.
This is a fully remote engagement. The successful candidate may be based anywhere within the APAC region and will work independently from their own location. Collaboration windows aligned to Japan Standard Time (JST / UTC+9) are required for activities such as architecture reviews and incident response.
The contractor will report to the Director of Engineering and liaise with DevOps and Engineering teams across an AWS-native, containerised stack.
Scope of Services
• Design and implement security controls across AWS, EKS/Kubernetes, CI/CD pipelines (Jenkins, GitHub Actions, ArgoCD), and AI/agentic workflows.
• Deliver threat models, risk assessments, and security architecture reviews across infrastructure, applications, and AI-driven systems.
• Manage end-to-end vulnerability management across code, infrastructure, and AI-generated artifacts using tools such as New Relic, Bugsnag, and security scanners.
• Develop secure-coding and AI-usage standards, including guardrails for LLMs, copilots, and automated workflows.
• Build and operate security monitoring, alerting, and incident response capabilities, including detection of AI/agent-related risks.
• Evaluate and recommend security and AI tooling (SAST/DAST, SIEM, EDR, secrets management), with least-privilege access and secure integrations.
• Harden infrastructure and data layers (Terraform, IAM, VPC, Cloudflare, Cassandra, Kafka, Redis), including protections against unauthorised or automated actions.
• Support compliance objectives (SOC 2, ISO 27001), with a focus on auditability, data protection, and governance of AI systems.
• Provide security expertise across AI, cloud, and Web3 domains (smart contracts, key management, bridges).
• Advise product and blockchain teams on risk mitigation in decentralised systems.
Required Expertise
• 5–8 years of demonstrated experience in security engineering across application, cloud, and infrastructure security.
• Hands-on experience securing AWS environments (IAM, VPC, EKS, S3, EC2) and Kubernetes.
• Application security proficiency including OWASP Top 10, secure SDLC, code reviews, and common tooling (SAST/DAST, SIEM, secrets management).
• Strong foundation in network security, cryptography, and authentication protocols (OAuth, SAML, MFA).
• Experience with incident response, threat modelling, and frameworks such as MITRE ATT&CK.
• Familiarity with compliance standards including SOC 2, ISO 27001, NIST, and GDPR.
• Ability to operate independently, self-manage deliverables, and maintain flexible scheduling.
• Located within the APAC region with availability during agreed JST-aligned collaboration windows.
Additional Valued Expertise
• Professional certifications such as CISSP, OSCP, or AWS Security Specialty.
• Crypto/Web3 security knowledge including smart contracts, wallet/key management, and blockchain attack vectors.
• DevSecOps and CI/CD security integration experience.
• Experience with Cloudflare, service mesh technologies (e.g. Istio), or microservices security.
• Software engineering background in Java, Rust, or TypeScript.
• Smart contract auditing or Web3 tooling (Slither, MythX, Certora, on-chain monitoring).
• Experience building or scaling a security function within a fast-growing organisation.