Senior Security Engineer, Digital Asset Custody
Charles Schwab · Austin, TX · 2 wk ago
HybridInformation TechnologyFull-time
Custody Key Management & Cryptographic Architecture
- Design, implement, and evolve institutional-grade key management architectures, including:
- Hardware Security Modules (HSMs)
- Multi-Party Computation (MPC)
- Secure key generation, storage, rotation, signing, and recovery
- Define clear trade-offs and architectural patterns across hot wallet, warm wallet, and cold storage models.
- Ensure cryptographic designs align with regulatory, security, and audit expectations.
- Partner closely with Cybersecurity and Risk to embed defense-in-depth and zero-trust principles into custody design.
Custody Policy Engine & Governance
- Lead the design of the Custody Policy Engine, governing:
- Authorization, approvals, limits, and segregation of duties
- Transaction controls and exception handling
- Policy versioning, auditability, and enforceability
- Translate business, legal, and risk requirements into clear, enforceable technical controls.
- Serve as a trusted technical advisor on custody governance topics.
Disaster Recovery, Resilience & Incident Ownership
- Own custody-specific disaster recovery strategies, including key recovery, quorum loss scenarios, and chain events.
- Author and maintain incident response and recovery runbooks for custody-related failures or security events.
- Partner with Operations, Security, and SRE to ensure practicable, tested recovery procedures.
- Lead post-incident technical analysis, root cause reviews, and long-term remediation strategies.
Overall Custody Architecture & Risk Posture
- Act as the custody architecture authority, ensuring consistency across wallets, blockchains, environments, and platforms.
- Identify architectural and operational risks early; propose mitigation strategies with clear trade-offs.
- Ensure custody designs scale across assets, chains, and tokenized products without erosion of risk posture.
- Influence enterprise standards by raising the bar on security, resilience, and technical rigor.
AI-Augmented Engineering Excellence
- Leverage GenAI and agentic AI tools to accelerate architecture design, threat modeling, documentation, testing, and reviews.
- Set expectations for AI-assisted engineering rigor—speed with correctness, not shortcuts.
- Partner with engineering teams to raise architecture, code, and documentation quality across custody components.
Required Qualifications
- 10+ years of software engineering experience, with deep specialization in security-sensitive or cryptographic systems.
- Strong hands-on experience with HSMs, MPC frameworks, and secure key management systems.
- Experience with Web3 Security tooling such as Slither, Mythril, Foundry Fuzzing
- Experience with common cryptography implementation languages such as C, C++, Rust, Go
- Experience with collaborating with security auditors, Ex: Trail of bits, halborn,
- Proven ability to design systems where failure has material risk implications.
- Strong grounding in distributed systems, secure architectures, and fault-tolerant design.
- Track record of acting as a technical authority without formal people management.
Strongly Preferred
- Experience with crypto custody, digital asset platforms, or blockchain infrastructure.
- Prior ownership of incident response, DR design, or security runbooks.
- Able to articulate risk-based trade-offs clearly to technical and non-technical stakeholders.
- Systems thinker who connects technology, security, policy, and operations.
- Comfortable challenging assumptions and raising concerns early in high-stakes environments.
- Experience applying AI tools to complex engineering workflows.