Engineering Manager, Cloud Security

Pay and Benefits
Paxos offers a competitive total compensation and benefits package, including equity and bonuses based on both your individual performance and company performance. Eligibility for bonuses is dependent on job level, and actual salary within the range depends on your skills, experience, and qualifications.

About Paxos

Today’s financial infrastructure is archaic, expensive, inefficient and risky — supporting a system that leaves out more people than it lets in. So we’re rebuilding it.

We’re on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way. For over a decade, we’ve built blockchain infrastructure that tokenizes, custodies, trades and settles assets for the world’s leading financial institutions, like Mastercard, Visa, Robinhood, and PayPal.

About the team

The Cloud Security team is responsible for keeping Paxos’ cloud-native infrastructure secure, resilient, and compliant as we scale. We partner closely with Product Engineering, Platform, SRE, and Compliance to design and operate secure-by-default AWS and Kubernetes platforms that power mission-critical payments, stablecoin, and brokerage products. The team owns core security capabilities like identity and access management, network segmentation, secrets management, logging and monitoring, and incident response across our multi-account, multi-cluster environment.

About the role

As the Engineering Manager, Cloud Security at Paxos, you will lead a team of security engineers responsible for securing our AWS and Kubernetes infrastructure end-to-end. You’ll combine deep hands-on security engineering experience with strong people leadership to design Zero Trust architectures, harden critical services, and build automated guardrails that enable product teams to move fast safely. You will set the technical direction for cloud security, lead high-pressure incident response when needed, and grow a high-performing team that treats “security as an enabler,” not a bottleneck.

What you’ll do

• Lead, coach, and develop a team of cloud security engineers, including setting clear goals, providing ongoing feedback, and running performance reviews.

• Own the security posture of our AWS and Kubernetes platforms, including multi-account AWS Organizations (SCPs, IAM, VPCs) and multi-cluster Kubernetes environments.

• Drive the design and implementation of Zero Trust architectures, including identity-based perimeters, mTLS, network segmentation, and least-privilege access controls.

• Partner with Platform, SRE, and Product Engineering teams to embed security into infrastructure roadmaps, CI/CD pipelines, and service architectures.

• Establish and scale infrastructure as code and policy as code practices (e.g., Terraform/CDK, OPA/Kyverno) to build automated guardrails and reduce manual configuration.

• Act as Incident Commander for high-severity security incidents and vulnerabilities (e.g., Log4j-style events), coordinating technical response, stakeholder communication, and post-incident reviews.

• Own the security engineering roadmap for cloud and container security, balancing short-term risk reduction with long-term strategic investments.

• Collaborate with Compliance, Risk, and Legal to maintain and improve our security posture relative to frameworks like SOC2 and ISO, and to support customer and regulator inquiries.

• Partner with leadership on headcount planning, hiring, and organizational design to ensure the Cloud Security team scales with the business.

• Champion a culture of security across Paxos through education, documentation, and close collaboration, helping teams ship secure systems quickly and confidently.

About you

• 8+ years of engineering experience (software, infrastructure, or security), including time as an individual contributor security engineer working on cloud or application security.

• At least 2–3 years of experience as an engineering manager, leading and developing security or infrastructure teams.

• Proven experience securing production AWS environments at scale, including AWS Organizations, IAM, SCPs, VPC design, Transit Gateways, WAFs, and logging/monitoring.

• Hands-on experience securing multi-cluster Kubernetes environments (e.g., network policies, admission controllers, service mesh, secrets management, runtime hardening).

• Strong fluency with Infrastructure as Code (Terraform or CDK); you view infrastructure as software and are comfortable driving code reviews, testing, and automation for infra changes.

• Deep understanding of security architecture concepts, including Zero Trust, mTLS, identity-based perimeters, least privilege, and cloud hardening best practices.

• Demonstrated experience leading incident response as an Incident Commander for major vulnerabilities or breaches, including coordinating cross-functional teams under pressure.

• Proficiency in headcount planning, performance reviews, and mentorship, with a clear and thoughtful leadership philosophy you can articulate with examples.

• Excellent communication skills, with the ability to explain complex security risks and trade-offs to both deeply technical engineers and non-technical stakeholders.

Important Notice for Paxos Applicants

We’ve become aware of fraudulent accounts posting as Paxos recruiters on LinkedIn and other platforms. These scammers attempt to deceive applicants into paying for job opportunities or providing personal financial information.

To verify a legitimate Paxos recruiter:

• We only use @paxos.com email addresses

• We never ask for payment or financial details to apply, interview, or work here

• For technical roles, we do not perform a coding interview without prior screening by our engineering team

Thanks for your interest in Paxos!

Compensation Range: $240,217 – $275,543