Senior Product Security Engineer / Architect 100 %
Taurus SA
- Employment type
- Full-time
- Location
- Lausanne
- Company
- Taurus SA, Place Ruth-BÖSIGER 6, 1201 Genève
- First posted
Link: https://join.com/companies/taurusgroup/16394548-senior-product-security-engineer-architect-lausanne
Do you want to be part of a new entrepreneurial adventure and contribute to building the next global FinTech? We may have the position you need.
Missions:
A role of deeply operational individual contributor, where you will raise the level of security of the product itself. You are the security partner that engineers want to have in the room: someone able to open a diff, understand the attack surface, build the automation that imposes the fix, and deliver it on the same day. A large part of this surface being cryptographic (keys, signature, HSM, and the trust boundary surrounding them), this is where you will have the most impact.
Responsibilities
Ensure product security for all digital asset products concerned: Taurus-PROTECT, Taurus-CAPITAL, Taurus-EXPLORER, and Taurus-NETWORK. Contribute to the product security of financial services.
Contribute to the security architecture for HSM, confidential computing, MPC, and cryptographic systems
Perform security reviews of application code, cryptographic workflows, smart contracts, HSM integrations, and enclave-based components
Model threats of new features and review architectural designs before their production deployment
Lead and supervise intrusion tests, reproduce results, and validate remediation plans
Build and maintain automation that imposes security safeguards — on CI/CD pipelines, software supply chains, Kubernetes environments, and deployment platforms
Collaborate with product engineering teams to design and deliver fixes, not just report findings
Review authorization models, privilege management, identity integrations, and operational access controls
Support incident response, vulnerability management, and security investigations
Support client audits, RFPs, security workshops, and regulatory discussions
Translate regulatory and compliance requirements into concrete technical controls
Ensure monitoring of security news and trends; identify their potential impact on products and ensure the rapid application of corrective measures
Profile:
Master's or Doctoral degree in Computer Science, IT Security Engineering, or Cryptography
Minimum 7 years of experience in application security, product security, offensive security, or security engineering
Experience in security-critical environments — financial services, payments, identity, asset custody, embedded systems, or regulated platforms
Fluent English, both written and spoken
Key Requirements
Application and Product Security:
Solid experience in security code review in at least two of the following languages: Go, C/C++, TypeScript, Python
Threat modeling, secure design reviews, and penetration testing
Ability to identify business logic flaws, authorization issues, cryptographic misuse, and complex attack paths
Cryptography and Key Management:
Solid foundation in applied cryptography: PKI, TLS, X.509; AES, RSA, ECDSA, EdDSA; key management and key ceremonies; secure key storage and signing workflows
Experience with HSM technologies and PKCS#11 environments
Infrastructure and Cloud Security:
Solid experience in Kubernetes and container security
Familiarity with cloud IAM, workload identity, secret management, and policy-as-code
A builder mindset — you implement security controls, not just review them
Secure Hardware and Confidential Computing:
Experience with one or more of the following: Thales / Luna HSM, AWS CloudHSM, Azure Managed HSM, Intel SGX, AMD SEV-SNP, AWS Nitro Enclaves, Azure Confidential Computing
Interpersonal and Communication Skills:
Comfortable exchanging with security teams, auditors, regulators, enterprise clients, and CISO prospects
Able to explain complex security topics in a clear and pragmatic manner
A significant plus
Blockchain and smart contract security
MPC and threshold signature systems
Fuzzing and software security testing
Compliance and regulatory security frameworks (FINMA, DORA, MiCA, ISO 27001, SOC 2, FIPS 140-3)
Public security research, CVE, bug bounty experience, or open-source security contributions
Experience in supporting RFPs, security questionnaires, and client due diligence
Degree in Computer Science, Security, or equivalent practical experience
Benefits
An opportunity to work at the intersection of digital assets and finance
A qualified and experienced team, including world-renowned experts
A dynamic learning environment, entrepreneurial spirit, and strong team spirit
An ideal time to join the company as it grows and develops
State-of-the-art technology and IT infrastructure
Hybrid remote work and flexible hours
Convivial team events
As the company evolves in a dynamic and innovative environment, its DNA is based on merit. Therefore, significant growth opportunities will be offered to candidates with an open and results-oriented mindset. We are an equal opportunities employer.
Automatically translated from the original.
Posted today