TRM Labs
Senior Application Security Engineer
Job Summary
The Application Security Engineer at TRM Labs is responsible for leading application security reviews, threat modeling, and vulnerability management to ensure the security of the company's products and infrastructure. They work closely with engineering teams to embed security best practices, develop secure software development lifecycle processes, and support security training initiatives. The role requires extensive experience in software development, security testing, and cloud security, with a focus on proactive risk assessments and automation. TRM emphasizes a fast-paced, collaborative environment that values security, impact, and continuous learning.
Required Skills
Benefits
Job Description
TRM Labs is a blockchain intelligence company committed to fighting crime and creating a safer world. By leveraging blockchain data, threat intelligence, and advanced analytics, our products empower governments, financial institutions, and crypto businesses to combat illicit activity and global security threats. At TRM, you'll join a mission-driven, fast-paced team made up of experts in law enforcement, data science, engineering, and financial intelligence, tackling complex global challenges daily. Whether analyzing blockchain data, developing cutting-edge tools, or collaborating with global organizations, you'll have the opportunity to make a meaningful and lasting impact.
The Security team is responsible for and committed to securing all things at TRM. From our customers to our code, and everything in between, the security team is involved in all aspects of the business. We are looking for an Application Security Engineer to build mission-critical infrastructure that ensures the highest levels of availability, performance, and application security at TRM for products as built and deployed. From designing the technical strategy to company-wide best practices and implementation, you’ll work closely with engineering and engineering leadership to ensure TRM’s products are safe and secure.
The impact you’ll have here:
- Lead application security reviews and threat modeling, including secure code review, architectural design, and testing.
- Develop automated testing and mature our Secure SDLC.
- Own and perform application security vulnerability management.
- Coordinate penetration testing engagements.
- Support software engineers and product teams by developing application security best practices.
- Develop and maintain the bug bounty program.
- Bootstrap platform security initiatives that help protect TRM data.
- Inspire a culture of security across the engineering organization by fostering security champions within engineering teams and coordinating secure code training.
What we’re looking for:
- Minimum 8 years of experience in Software Development and testing.
- BS (or equivalent) in Computer Science, Computer Engineering, or related field.
- Proficiency in software development languages: Python, NodeJS, React
- Strong understanding of encryption, authentication, and authorization protocols
- Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies , and using common security tooling for testing.
- Professional experience with open source, commercial, or native security solutions for cloud providers such as GCP and AWS. Experience with modern secure software development lifecycles, threat modeling, and best practices.
- Experience with conducting efficient and comprehensive code security reviews on a daily or weekly basis
- Experience triaging and remediating vulnerabilities in software packages or libraries
- Experience with Software Security tools such as Github advanced security or other SAST, DAST, and SCA tools
- Experience with Web application testing frameworks such as BurpSuite, OWASP ZAP, etc.
- Experience with Threat modeling tools such as OWASP Threat Dragon, etc.
- Experience working in a previous agile-based software development role required
- Experience Red Teaming or penetration testing applications and infrastructure
- Professional experience with cloud providers (e.g., GCP and AWS), modern secure software development lifecycles, and best practices.
- Strong written and verbal communication skills.
- Security certifications such as OSCP, CEH, GWAPT are a plus.
- Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus
About the Team:
- The culture of our team is built on mutual respect, where everyone's opinion is valued and heard.
- We prioritize flexibility and efficiency, always seeking smarter ways to work without compromising quality.
- Transparency is at the heart of how we operate, both within the team and with the business, as we focus on clearly communicating and addressing cyber risks.
- Our collaborative approach ensures that we not only mitigate these risks but also align our efforts with business goals to protect and drive success.
Team’s Time Zones:
- Eastern Standard Time (EST - GMT-4)
- Pacific Standard Time (PST - GMT-7)
- Central European Summer Time (CET - GMT+2)
Learn about TRM Speed in this position:
- Prioritize Rapid Threat Assessments: Efficiently perform security risk assessments and triage vulnerabilities based on immediate risk to the business, focusing on the most critical issues with minimal delays.
- Integrate Security Early in Development: Embed security testing and reviews within our Product Shipping Framework and CI/CD pipelines to ensure that security is automated and runs parallel to the fast-paced development cycle, preventing bottlenecks.
- Proactively Educate Developers: Conduct just-in-time security training for developers and engineers, offering real-time advice and code reviews to help them produce secure code without interrupting their workflow.
- Optimize Tools for Speed: Leverage lightweight and efficient security tools that can be quickly integrated into development environments without slowing down deployments, ensuring continuous and secure product iterations.
Life at TRM Labs
Leadership Principles
Our LPs are foundational elements of our strategy, guiding how we make decisions, how we treat each other, and how we behave day-to-day.
- Impact-Oriented Trailblazer – We put customers first, driving for speed, focus, and adaptability.
- Master Craftsperson – We prioritize speed, high standards, and distributed ownership.
- Inspiring Colleague – We value humility, candor, and a one-team mindset.
Accelerate your Career
Join a mission-driven team of industry leaders and make a real-world impact—disrupting terrorist networks, recovering stolen funds, and more. At TRM, you will:
- Work alongside top experts and learn every day.
- Embrace a growth mindset with development opportunities tailored to your role.
- Take on high-impact challenges in a fast-paced, collaborative environment.
What to Expect at TRM
TRM moves fast—really fast. We know a lot of startups say that, but we mean it. We operate with urgency, ownership, and high standards. As a result, you’ll be joining a team that’s highly engaged, mission-driven, and constantly evolving.
To support this intensity, we’re also intentional about rest and recharge. We offer generous benefits, including PTO, Holidays, and Parental Leave for full time employees.
That said, TRM may not be the right fit for everyone. If you're optimizing for work life balance, we encourage you to:
- Ask your interviewers how they personally approach balance within their teams, and
- Reflect on whether this is the right season in your life to join a high-velocity environment.
- Be honest with yourself about what energizes you—and what drains you
We’re upfront about this because we want every new team member to thrive—not just survive.
Thrive as a Global Team
As a remote-first company, TRM Labs is built for global collaboration.
- We cultivate a strong remote culture through clear communication, thorough documentation, and meaningful relationships.
- We invest in offsites, regional meetups, virtual coffee chats, and onboarding buddies to foster collaboration.
- By prioritizing trust and belonging, we harness the strengths of a global team while staying aligned with our mission and values.
Join our mission!
We’re looking for team members who thrive in fast-paced, high-impact environments and love building from the ground up. TRM is remote-first, with an exceptionally talented global team. If you enjoy solving tough problems and seeing your work make a difference for billions of people, we want you here. Don’t worry if your experience doesn’t perfectly match a job description— we value passion, problem-solving, and unique career paths. If you’re excited about TRM’s mission, we want to hear from you.
Recruitment agencies
TRM Labs does not accept unsolicited agency resumes. Please do not forward resumes to TRM employees. TRM Labs is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company without a signed agreement.
Privacy Policy
By submitting your application, you are agreeing to allow TRM to process your personal information in accordance with the TRM Privacy Policy
Learn More: Company Values | Interviewing | FAQs
TRM Labs
TRM Labs’ trusted blockchain intelligence allows you to detect and monitor crypto crime and conduct investigations. Learn more.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.