Founding Senior/Staff/Principal Security Engineer

Founding Senior/Staff/Principal Security Engineer (Stealth Startup)

Location:
Palo Alto, CA (On-Site/Hybrid)

Role Type:
Founding Security Engineer — Senior / Staff / Principal Level

About Us

We're a venture-backed startup headquartered in downtown Palo Alto, operating in stealth as we prepare for a public launch in mid-2026. Backed by top-tier investors, we're building something the world hasn't seen before - an operating system for modern nation-states.

Our platform unifies digital identity, payments, and citizen services into one seamless super-app: a new digital fabric for how nations connect with their people. Powered by AI and stablecoin rails, it delivers real-world utility at national scale, from transparent remittances to personalized services, designed to make civic engagement more inclusive, efficient, and trusted.

We're starting with the U.S. LatAm corridor, a region where innovation meets real-world impact, and expanding globally from there.

If you're driven by bold ideas and ready to help shape the next generation of digital infrastructure for the world, this is your moment to build with us.

The Opportunity: Architect Security from Day One

We're looking for an exceptional Senior, Staff, or Principal Security Engineer to join as a founding team member and take complete ownership of security architecture, systems hardening, and incident response across our platform.

This is not a compliance role — it's a hands-on builder position. You will design and implement secure infrastructure, data protection, authentication flows, and threat detection systems for a product that handles real money movement, sensitive communication, and digital identity at national scale.

What You Will Own

1. Security Architecture & Infrastructure

2. Define and implement end-to-end security architecture across backend, mobile, and cloud environments (GCP preferred).

3. Establish zero-trust infrastructure foundations: network segmentation, service-to-service authentication (mTLS), secrets management, and key rotation policies.
4. Design and enforce least-privilege IAM models for GCP, Kubernetes, and CI/CD systems (Terraform-based).

5. Implement secure configuration baselines, vulnerability management pipelines, and compliance readiness (SOC2, ISO27001, PCI-DSS relevant for payments).

6. Product & Application Security

7. Lead threat modeling and security reviews for new product features — including community, chat/communication, wallet, and remittance flows.

8. Define secure API design principles, data encryption standards (at rest and in transit), and secure messaging protocols.
9. Establish automated code scanning, dependency checks, and secure CI/CD integration (in collaboration with DevOps).

10. Champion a secure-by-design culture within engineering.

11. Payments & Identity Security

12. Design end-to-end transaction security: payment authentication, anti-fraud, anti-money laundering (AML) controls, and anomaly detection signals.

13. Partner with backend and compliance teams to ensure Travel Rule, KYC, and data residency adherence.
14. Implement cryptographic key management practices for custodial and non-custodial wallets (e.g., MPC, HSM, KMS).

15. Collaborate with external partners (e.g., Coinbase WaaS, stablecoin issuers) to audit and secure cross-border transaction flows.

16. Detection, Response & Monitoring

17. Build the Security Operations foundation: log ingestion, SIEM/SOC setup, and alert pipelines.

18. Define incident response and RCA frameworks, including drills and runbooks.
19. Deploy telemetry for intrusion detection, anomaly spotting, and behavioral analytics across systems.

20. Integrate with observability platforms (e.g., Datadog, Prometheus, Cloud Operations Suite).

21. Culture, Mentorship & Leadership

22. Establish security standards, policies, and best practices that set the tone for all future hires.

23. Mentor engineers on secure coding, privacy, and incident handling.
24. Represent the security function in product discussions, investor conversations, and with external auditors.

What You Bring

• 8–12+ years of experience in Security Engineering, SRE Security, or Application/Infrastructure Security, with at least 2+ years at Staff/Principal (Google L6/L7 equivalent) level.
• Proven experience building and securing large-scale, distributed systems at a top-tier tech company (e.g., Google, Meta, Uber, Coinbase, Stripe, etc.).
• Deep expertise in:
• Cloud Security: GCP (preferred), AWS, or Azure; IAM, VPC, KMS, Secret Manager
• Containers & Orchestration: Kubernetes, Docker hardening, admission controls
• Infrastructure as Code Security: Terraform, policy as code (OPA, Conftest)
• Network Security: firewalls, VPNs, service mesh, DDoS mitigation, WAF
• AppSec: Secure API design, OAuth2/OIDC, JWT, TLS, data encryption
• Payments/Fintech Security: PCI, travel rule, crypto custody, AML/KYC controls
• Incident Response & Detection: SIEM, SOC setup, forensic triage
• Strong familiarity with compliance and privacy frameworks (SOC2, GDPR, ISO27001).
• Excellent cross-functional communication, able to translate complex security tradeoffs for product and leadership stakeholders.
• Passion for security automation, AI-assisted threat detection, and building a culture of proactive security awareness.

What We Offer

• Exceptional Compensation: Highly competitive salary and a significant equity package to reward your outsized impact.
• Unparalleled Ownership: Direct influence on all technical and cultural decisions.
• Impact: The opportunity to build a massive-scale platform.
• Culture: A high-trust, low-bureaucracy environment with a focus on fast iteration and technical excellence.

Benefits

• Top-tier health coverage: Comprehensive suite of benefits, including PPO medical plans and other competitive coverage options for vision and dental for employee and family.
• Founding equity: Meaningful ownership in the company so you share in our long-term success.

Perks

• $300 Monthly Flex Allowance: Apply toward commuting costs (CalTrain pass, parking permit) or other incidentals.
• Complimentary Meals: Lunch provided in the office on Mondays, Tuesdays, and Thursdays, plus occasional team dinners when schedules allow.
• Hybrid Schedule: Focus days from home on Wednesdays and Fridays; collaboration days in our Palo Alto office Mondays, Tuesdays, and Thursdays.
• Unlimited PTO (Manager Approval Required): Flexible paid time off, subject to manager approval, to support rest, recharge, and personal commitments.
• Quarterly Team Offsites & Outings: Dedicated time to connect, align, and have fun together outside the office.