Senior DevSecOps Engineer (NYC / MIA)

2 Locations
Hybrid
160K-180K Annually
Senior level
Blockchain • Fintech • Payments • Software
The Role
Own and operate Crossmint's security posture across cloud environments, CI/CD pipelines, application security, vulnerability management, incident response, and compliance (SOC 2/DORA). Partner with Engineering and IT to design controls, perform secure code reviews, remediate findings, coordinate third-party audits, and maintain audit-ready documentation and processes.
Summary Generated by Built In
About Crossmint

Global financial rails are undergoing a once-in-a-generation transformation. Instant settlement. Programmable. Agent-first. Crossmint is the infrastructure helping companies build for that future.
We are the leading all-in-one stablecoin and wallet infrastructure platform, enabling fintechs, enterprises, and agentic platforms to integrate stablecoin rails with speed, compliance, and scale. Crossmint provides everything enterprises need to ship smart financial rails, including smart wallets, cross-chain stablecoin orchestration, on/offramps, token checkout, and more, all through a single developer-friendly API.
Trusted by more than 40,000 clients, from global leaders like MoneyGram, Western Union, and Paga to nation states like the Marshall Islands, Crossmint powers stablecoin flows that move billions, from cross-border remittances and global payroll to the world's first digital UBI program.
MiCA-authorized, PSD2-licensed, and SOC 2 Type II certified, Crossmint serves 150+ countries globally across 50+ blockchains. Backed by Ribbit Capital, Franklin Templeton, NYCA, First Round, and Lightspeed Faction.
We're building the infrastructure for the era of programmable finance. Join us!

Location

NYC or Miami. Hybrid office setting.

Type of employment

Full-time

Salary range

160,000 - 180,000 USD

Note: Final level and compensation are determined during the interview process based on experience and fit.

Seniority

4–8 years of experience as a security engineer, with a clear security-first background.

About The Role

We are looking for a Senior DevSecOps Engineer to own the operational execution of security at Crossmint. Security is your core discipline. Cloud infrastructure and IT are the environments you secure, and you will work alongside the teams that operate them, but you are here first and foremost as a security practitioner.

You will be the hands-on owner of our day-to-day security posture: cloud environments, developer pipelines, application security, vulnerability management, and compliance operations. You will partner regularly with Engineering and IT & Infrastructure, contributing security expertise into their work rather than running their functions. This is not a generalist infrastructure role with security responsibilities bolted on.

Responsibilities

Cloud and Infrastructure Security

  • Own security across our AWS environments (primary), with additional exposure to GCP and Vercel: IAM, Security Hub, CloudTrail, GuardDuty, KMS, and related controls.

  • Design, maintain, and monitor security controls across cloud infrastructure: logging pipelines, alerting thresholds, key management, and privileged access workflows.

  • Manage security-relevant access controls across cloud environments and internal systems, including service accounts, credential rotation, and periodic access reviews.

  • Provide security input to IT & Infrastructure on network segmentation, endpoint security baselines, and cross-system access policies, without owning those systems yourself.

Application and Developer Security

  • Secure our CI/CD pipelines and GitHub Actions environments: secrets management, supply chain risk, and dependency vulnerability workflows.

  • Perform secure code reviews and provide hands-on application security support to engineering teams.

  • Review authentication flows, payment logic, and API security with human judgment, not just automated scanners.

  • Partner with engineers to remediate vulnerabilities and embed security practices into the development lifecycle.

Vulnerability and Incident Management

  • Own vulnerability management end-to-end: identification, prioritization, remediation tracking, and verification.

  • Coordinate our external security review program with third-party audit and penetration testing firms.

  • Support incident response through internal triage and investigation, working alongside our external 24/7 response partners.

Compliance and Audit Support

  • Support SOC 2 and other compliance efforts by collecting evidence, documenting controls, and maintaining audit-ready processes for engineering and security-related controls.

  • Contribute to DORA compliance initiatives where applicable.

  • Maintain clear, auditable documentation of security processes to support audit cycles and long-term knowledge transfer.

About You

Must Haves

  • 4–8 years of experience as a security engineer, with a clear security-first background rather than a generalist infrastructure background.

  • 3+ years of hands-on experience securing AWS environments: IAM, Security Hub, CloudTrail, GuardDuty, and KMS.

  • Strong practical knowledge of CI/CD security: GitHub Actions, secrets scanning, and dependency management.

  • Experience with secure code review or core application security concepts (OWASP, auth flows, API security).

  • Experience working within at least one compliance framework, SOC 2 preferred, with ISO 27001 or similar acceptable.

  • Fluent communicator across technical teams — you can work productively with developers and IT engineers without needing to own their domains.

  • Self-directed and organized. You track your own work and do not drop threads.

  • Experience using AI-assisted tools such as Claude or GitHub Copilot for security automation or research.

  • Ability to work flexible hours if an incident arises.

Nice to Haves

  • Experience at a fintech, payments, or crypto company.

  • Familiarity with DORA or MiCA compliance requirements.

  • Exposure to blockchain or crypto-specific security considerations.

  • Prior experience where security work regularly intersected with IT or infrastructure teams.

How to Succeed

  • Take a security issue from identification through remediation with minimal guidance.

  • Prioritize based on risk and impact, not on who is asking the loudest.

  • Contribute meaningfully to Engineering and IT conversations without needing to own those functions.

  • Document clearly enough that an auditor or a teammate can follow the trail six months later.

  • Push back when something is insecure, and offer a practical alternative.

  • Know when to escalate versus handle independently.

Why Join Crossmint?

This is an opportunity to have real ownership over the operational security foundation of a company building core infrastructure for the next generation of financial systems. You will work closely with strong engineering and compliance partners, tackle meaningful security problems, and help scale a platform trusted by thousands of customers worldwide.

Compensation & Benefits
  • Extensive access to leading AI tools and subscriptions, with AI actively encouraged and integrated into daily workflows.

  • We conduct two performance reviews annually. The first addresses performance ratings, bonuses, and promotions. The second encompasses these elements along with salary adjustments reflecting inflation and market conditions.

  • Stock options are part of every full-time offer. We want everyone here to be a genuine stakeholder in what we're building.

  • Unlimited, flexible PTO.

  • Parental Leave program.

  • Flexible work schedule.

  • Company laptop and allowance for any necessary home equipment.

  • Daily stipend for commuting to the office and/or meals.

  • Three company-paid off-sites per year.

  • Health, dental, vision, life, short-term disability (STD), and long-term disability (LTD) insurance.

  • 401(k) Plan.

Our Principles
  • Results and delivery: Ship high quality work fast.

  • Build for the long term: Build scalable, secure, and reliable solutions. Use AI.

  • Extreme Ownership: Be an effective Directly Responsible Individual (DRI). Be proactive.

  • Be a team player: Be an effective and kind colleague providing credible challenge. Be present and reliable.

Talent research indicates that women are often less inclined than men to apply for a role unless they have experience in 100% of the listed skills. However, this list is only a guide. We welcome your application even if you feel you meet around 75% of the requirements. At Crossmint, we believe skills can be learned, and diversity makes us stronger.

We work to foster a respectful environment where each person can be their authentic self, free from harassment, racism, and any form of discrimination. We proudly uphold our commitment to diversity and inclusion as an equal opportunity employer, and this policy applies to all employment practices within our organization.

Please note that Crossmint never conducts AI-based interviews, and all of our processes include an initial video call with a team member. Crossmint will not request your personal identification documents or any payment at any point during your interview process. Please stay vigilant about potential fraud. If you receive an email that claims to be from Crossmint but ends with any domain other than @crossmint.com, @crossmint.io or @paella.dev, it is not from us. We own the three domains listed above, and they are the only legitimate ones.

Please let our Talent Team know if you need any assistance completing any forms or participating in the process.

Who will be in contact with you

Our People Ops team will be joining you throughout the entirety of the interview and onboarding processes. Feel free to reach out if you need anything!

  • Adolfo Fernández - Head of People Ops

  • Gloria Alogo - People Ops, Onboarding & Benefits

⚠️ Please note that these are the only members of our People Ops team. Please remain vigilant and watch out for impersonators.

Follow us on LinkedIn and X to keep updated with our latest activity! 👣

Skills Required

  • 4-8 years of experience as a security engineer with a security-first background
  • 3+ years hands-on experience securing AWS environments (IAM, Security Hub, CloudTrail, GuardDuty, KMS)
  • Strong practical knowledge of CI/CD security, including GitHub Actions, secrets scanning, and dependency management
  • Experience with secure code review or core application security concepts (OWASP, auth flows, API security)
  • Experience working within at least one compliance framework (SOC 2 preferred; ISO 27001 or similar acceptable)
  • Fluent communicator who can work productively with developers and IT engineers
  • Self-directed and highly organized; able to track and drive work independently
  • Experience using AI-assisted tools for security (e.g., Claude, GitHub Copilot)
  • Ability to work flexible hours if incidents arise
  • Experience at a fintech, payments, or crypto company
  • Familiarity with DORA or MiCA compliance requirements
  • Exposure to blockchain or crypto-specific security considerations
  • Prior experience where security work regularly intersected with IT or infrastructure teams

The Company
75 Employees
Year Founded: 2022

What We Do

Crossmint is a one-stop-shop developer platform providing enterprise-grade infrastructure for building modern financial applications. It enables companies to integrate stablecoin payments, programmable wallets, tokenization, and AI agent-driven commerce, simplifying blockchain adoption.
