Summary

Company Information

TRM is on a mission to build a safer financial system for billions of people. We deliver a blockchain intelligence data platform to financial institutions, crypto companies, and governments to fight cryptocurrency fraud and financial crime. We consider our business — and our profit — as a way to move towards our mission sustainably and at scale.

Role Information

The Security team is responsible for and committed to securing all things at TRM. From our customers to our code, and everything in between, the security team is involved in all aspects of the business. We are looking for an Application Security Engineer to build mission-critical infrastructure that ensures the highest levels of availability, performance, and application security at TRM for products as built and deployed. From designing the technical strategy to company-wide best practices and implementation, you’ll work closely with engineering and engineering leadership to ensure TRM’s products are safe and secure.

The impact you will have here:

Lead application security reviews and threat modeling, including secure code review, architectural design, and testing

Develop automated testing and mature our Secure SDLC

Own and perform application security vulnerability management

Coordinate penetration testing engagements

Support software engineers and product teams by developing application security best practices

Develop and maintain the bug bounty program

Bootstrap platform security initiatives that help protect TRM data

Inspire a culture of security across the engineering organization by fostering security champions within engineering teams and coordinating secure code training.

What we’re looking for:

Minimum 8 years of experience in Software Development and testing.

BS (or equivalent) in Computer Science, Computer Engineering, or related field.

Proficiency in software development languages: Python, NodeJS, React

Strong understanding of encryption, authentication, and authorization protocols

Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies , and using common security tooling for testing.

Professional experience with open source, commercial, or native security solutions for cloud providers such as GCP and AWS. Experience with modern secure software development lifecycles, threat modeling, and best practices.

Experience with conducting efficient and comprehensive code security reviews on a daily or weekly basis

Experience triaging and remediating vulnerabilities in software packages or libraries

Experience with Software Security tools such as Github advanced security or other SAST, DAST, and SCA tools

Experience with Web application testing frameworks such as BurpSuite, OWASP ZAP, etc.

Experience with Threat modeling tools such as OWASP Threat Dragon, etc.

Experience working in a previous agile-based software development role required

Experience Red Teaming or penetration testing applications and infrastructure

Professional experience with cloud providers (e.g., GCP and AWS), modern secure software development lifecycles, and best practices.

Strong written and verbal communication skills.

Security certifications such as OSCP, CEH, GWAPT are a plus.

Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus

About TRM's Engineering Levels:

Engineer: Responsible for helping to define project milestones and executing small decision decisions independently with the appropriate tradeoffs between simplicity, readability, and performance. Provides mentorship to junior engineers, and enhances operational excellence through tech debt reduction and knowledge sharing.

Senior Engineer: Successfully designs and documents system improvements and features for an OKR/project from the ground up. Consistently delivers efficient and reusable systems, optimizes team throughput with appropriate tradeoffs, mentors team members, and enhances cross-team collaboration through documentation and knowledge sharing.

Staff Engineer: Drives scoping and execution of one or more OKRs/projects that impact multiple teams. Partners with stakeholders to set the team vision and technical roadmaps for one or more products. Is a role model and mentor to the entire engineering organization. Ensures system health and quality with operational reviews, testing strategies, and monitoring rigor.

The following represents the expected range of compensation for this role:

The estimated base salary range for this role is $190,000 - $240,000.

Additionally, this role may be eligible to participate in TRM’s equity plan.

Life at TRM Labs

Leadership Principles

Our Leadership Principles are foundational element of our strategy, guiding how we make decisions, how we treat each other, and how we behave day-to-day.

Impact-Oriented Trailblazer: We put customers first, driving for speed, focus, and adaptability.

Master Craftsperson: We prioritize speed, high standards, and distributed ownership.

Inspiring Colleague: We value humility, candor, and a one-team mindset.

Build a Career

Joining TRM means being part of a mission-driven team comprised of industry leaders. At TRM, you'll experience:

Purpose and Mission: Have a real-world impact, from disrupting terrorist networks to returning stolen funds.

Inspiring Colleagues: Collaborate with industry leaders and learn something new daily.

Personal Growth: We're not just using technology; we're inventing it and taking category-defining products to market.

Work Environment

Remote First: Our HQ is online. Tools like Zoom and Slack ensure seamless collaboration, but we also value in-person interactions, organizing regular meetups and offsites for team bonding. Clear communication is key in our decentralized setup. With tools like Slack, Loom, and voice notes, we document meetings and decisions, promoting transparency and efficiency.

Ownership & TRM Speed: Small teams drive big goals at TRM. Every team member has significant ownership and responsibility, fostering an environment of initiative and direct impact. While there's no strict clocking in or out, we expect team members to balance personal schedules and team needs. We move “surprisingly fast” while maintaining a high bar in service of our customers and mission. This can feel both intense and rewarding. Our unique approach to projects emphasizes quick wins, rapid iterations, and constant feedback.

Diversity and Inclusion: Diversity at TRM encompasses backgrounds, experiences, and perspectives. Every day is an opportunity to learn from a colleague, whether they're a law enforcement expert or a tech pioneer.

Annual Company Offsite: Once a year, TRMers come together from around the world to attend a 1-week mandatory company offsite. This is designed to foster in-person relationships, creativity, and strategic alignment. Employee attendance is required of all TRMers.

Benefits and Perks

At TRM, we know that supporting our team members can take many forms. Our goal is to enable you to care for yourself, your family, and your community while eliminating stress through our diverse and curated benefits package for full-time employees.

Remote-first work environment

Competitive salaries and stock options

Health insurance

Life & disability coverage

Generous paid time for vacation, holidays, and parental leave

Join Us

We're looking for team members who love building from the ground up and want to work hard in a fast-paced and ambitious environment. We are remote-first, with exceptionally talented team members located around the world. If you like solving tough problems quickly and seeing your work improve the lives of billions of people, we want you at TRM.

We encourage you to reach out even if your experience doesn't precisely match the job description. Don't worry about picking exactly the right job; we can always explore other options after starting the conversation. Your passion and interests will set you apart, especially if your background or career is unconventional.