Crypto Security and Risk Manager

FXCM
Sofia

  • Full-time
  • Permanent position

Full description


Tradu is a new multi-asset global trading platform and is part of the Stratos group of companies. Tradu, built by traders for traders, provides the most sophisticated traders with a serious platform that allows them to move easily between asset classes such as stocks, CFDs and crypto, depending on the regulations that govern the trader’s market.

At Tradu, we believe that talent knows no borders. We are a team of 650+ multilingual people around the globe. Our commitment to diversity, inclusion, and innovation extends across continents, creating a dynamic blend of skills and experiences that drives our success.

As Manager, Crypto Security and Risk, you will be the key stakeholder for security and operational risk within the crypto silo of our multi-asset brokerage platform. You’ll ensure crypto-specific risks are identified, mitigated, and embedded into custody systems, exchange operations, wallet flows, and smart-grid integrations.

While you own the security view across the crypto silo, you’ll also be one of the key contributors shaping the platform overall—working closely with the Head of Exchange and Director of Product as a sparring partner. You will own the Crypto Risk Policy, coordinate crypto-related audits, and define guardrails for secure, resilient operations. The role combines policy ownership with deep technical awareness, especially as the platform moves toward frontend control and broader architectural decentralization.

Key Responsibilities

Security Leadership Across the Crypto Stack

  • Act as the key security stakeholder for the crypto silo: covering exchange operations, custody systems, wallet flows, integrations, and internal tooling.
  • Actively contribute to platform design and toolchain decisions, embedding crypto security in both development and operational phases.
  • Shape secure workflows for key management, transaction approvals, admin access, and privileged operations.


Custody & BCDR Readiness

  • Support the secure design of MPC-based custody structures, including signing thresholds and key recovery logic.
  • Represent crypto security in the Business Continuity and Disaster Recovery (BCDR) process, ensuring custody availability and resilience.


Policy Ownership & Audit Coordination

  • Own and maintain the Crypto Risk Policy, aligned with enterprise governance and evolving regulatory requirements.
  • Coordinate internal and external security audits tied to the crypto stack, including policy, infrastructure, and control review.


Security Controls & Data Protection

  • Define and enforce role-based access controls, escalation paths, and separation of duties across the crypto domain.
  • Ensure proper treatment of personally identifiable information (PII) in transaction workflows.
  • Identify and mitigate threats typical in enterprise-scale apps: authentication, session handling, injection vectors, impersonation, XSS/CSRF, and rate-based abuse.


Monitoring & Incident Preparedness

  • Contribute to the design of crypto-relevant monitoring, alerting, and audit trail mechanisms.
  • Support crypto-specific incident response planning and post-event analysis, including log handling and investigative readiness.
  • Integrate and manage SIEM tools to centralize crypto-relevant logs, support anomaly detection, and enable forensic investigation.


Governance & Risk Participation

  • Maintain a crypto-focused operational risk register and corresponding mitigations.
  • Represent crypto security in internal risk and compliance forums.


Requirements

  • 5+ years in cybersecurity or DevSecOps, with at least 2 years in crypto exchanges, digital asset platforms, or custody operations.
  • Proven expertise in custody architectures (MPC, multi-sig, HSM), wallet operations, and blockchain-layer risk.
  • Knowledge of AWS and secure system integration.
  • Awareness of crypto-specific threat patterns.
  • Experience coordinating audits, authoring policies, and participating in security governance.
  • Strong communicator with fluency in English (C1+); able to navigate cross-functional contexts with precision.


Preferred Qualifications

  • Exposure to custody platforms like Fireblocks, Qredo, or equivalent.
  • Familiarity with frontend or API attack patterns in exchange platforms.
  • Involvement in crypto incident management or post-mortem investigations.
  • Awareness of evolving regulatory obligations (e.g. MiCA, DORA).
  • Certifications such as CISSP, CISM, GCPN, or AWS Security are a plus.


Working Hours: 40/week, Monday–Friday. Hybrid: 3 days in-office.

Contract type: Labor contract with Stratos Support EAD

If you are interested in this position, please send us your CV in English.

Only short-listed candidates will be contacted for an interview.

