We are actively seeking a highly skilled and experienced Senior SOC Engineer with expertise in cryptocurrency exchange security operations. This pivotal role is instrumental in ensuring the security of our digital assets and customer funds by leading comprehensive security monitoring, incident response, and threat analysis activities.
Given the unique challenges of operating a cryptocurrency exchange, this position requires deep understanding of blockchain security, digital wallet protection, and financial crime prevention, with particular emphasis on threat intelligence analysis and insider threat detection.
Key Responsibilities:
Security Operations Center (SOC) Management
Lead security monitoring operations for cryptocurrency exchange infrastructure, trading platforms, and digital wallet systems.
Oversee real-time analysis of security events, alerts, and anomalies across blockchain networks, trading engines, and customer-facing applications.
Coordinate incident response activities for security breaches, suspicious trading activities, and potential fraud attempts.
Manage and optimize SIEM platforms, security orchestration tools, and automated response systems.
Develop and maintain security playbooks specific to cryptocurrency exchange operations and digital asset protection.
Collaborate with Data and Application Security teams to ensure end-to-end protection of data pipelines, APIs, and application architectures within the exchange ecosystem.
Insider & Threat Intelligence Analysis
Monitor dark web marketplaces, criminal forums, and threat actor communications for indicators targeting cryptocurrency businesses.
Conduct tactical, operational, and strategic threat assessments specific to digital asset platforms.
Develop threat intelligence feeds and indicators of compromise (IoCs) relevant to cryptocurrency security.
Collaborate with external threat intelligence providers and cryptocurrency security communities.
Design and implement comprehensive insider threat detection programs tailored to cryptocurrency exchange environments.
Analyze user behavior patterns to identify potential malicious insider activities or account compromises.
Conduct investigations into suspicious employee activities, unauthorized access attempts, and data exfiltration.
Work closely with the Data Security team to validate data protection controls and ensure secure handling of sensitive user and transaction data.
Incident Response & Forensics
Lead incident response efforts for security breaches, fund theft attempts, and system compromises.
Conduct digital forensics investigations on cryptocurrency-related security incidents.
Coordinate with law enforcement, regulatory bodies, and external security firms during major incidents.
Develop and maintain incident response procedures specific to cryptocurrency exchange operations.
Create post-incident reports and recommendations for security improvements.
Collaborate with Application Security teams to remediate vulnerabilities and strengthen overall system resilience post-incident.
AI and Advanced Analytics Integration
Leverage AI Agents and automation to enhance security analysis, incident triage, and anomaly investigation.
Develop and deploy AI-driven solutions to enhance security monitoring, anomaly detection, and threat prediction capabilities.
Utilize machine learning models for behavioral analysis, event correlation, and automated alert triage across SOC operations.
Partner with engineering, data, and security teams to embed AI technologies into incident response workflows and fraud prevention systems.
Evaluate emerging AI security tools and frameworks to continuously improve the organization’s detection accuracy and response efficiency.
Ensure that all AI-driven systems adhere to security, privacy, and compliance standards relevant to cryptocurrency and digital asset environments.
Required Qualifications:
Experience: Minimum 5+ years in Security Operations Center (SOC) management or operations, preferably within financial services, fintech, or cryptocurrency exchange environments.
Certifications: CISSP, GCIH, GCFA, GNFA, GCTI, CEH, or equivalent security certifications required.
SIEM Expertise: Advanced proficiency with leading SIEM platforms such as Sumo Logic, Splunk, QRadar, or Microsoft Sentinel, including the development of custom correlation rules and dashboards.
Threat Intelligence: Proven experience using threat intelligence platforms (MISP, ThreatConnect, Anomali) and frameworks such as MITRE ATT&CK and the Diamond Model for threat analysis and response.
Programming & Automation: Strong proficiency in Python, PowerShell, or similar scripting languages for automation, data analysis, and integration with SOC tools.
Cloud Security: Hands-on experience securing cloud infrastructures (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
AI & Machine Learning: Practical experience applying AI and machine learning techniques in cybersecurity operations, such as automated anomaly detection, predictive threat modeling, and behavioral analytics. Familiarity with AI-driven security tools, data science workflows, or integrating ML models into SOC environments is highly preferred.
Collaboration: Ability to work cross-functionally with Data and Application Security teams to enhance overall security posture and ensure protection of digital assets across systems and applications.
