About Us:-
Since its founding in 2017, Prometheum has leveraged its deep expertise in securities law, blockchain, and trading to create a compliant ecosystem for digital asset securities that enables all investors to seamlessly invest in digital asset securities. Prometheum has relied on its strong diverse team to build the tools to service digital asset securities. To date, Prometheum has built multiple broker-dealers traversing novel areas and a large technology stack (intersecting trading, blockchain, compliance, etc.). We continue to grow and are looking for hardworking, hungry individuals that can contribute to our already great fintech company culture as we traverse new and exciting areas that require a thirst for solving complicated problems.

Role:-
Senior Infrastructure Security Engineer - Full Time W2

Responsibilities:-
This is a senior, hands-on role with intentionally broad scope. Cloud infrastructure, security operations, and regulatory compliance are consolidated into a single function rather than distributed across a large team — which means real ownership, direct access to leadership, and the ability to shape how security is built and operated at Prometheum. Prometheum is actively maturing its security function, and this role will be instrumental in shaping where it goes — you'll be building on an existing foundation and defining what comes next. The right candidate has worked in a lean, regulated environment before and is energized by breadth rather than frustrated by it.

- Design and maintain secure AWS cloud infrastructure using Terraform and Terragrunt, with a focus on IAM least-privilege, account isolation, and security guardrails across multiple AWS environments
- Manage AWS network security: VPC segmentation and design, Transit Gateway architecture, PrivateLink for service isolation, Network Firewall, and Route 53 Resolver for DNS security
- Manage and maintain Cloudflare infrastructure including DNS, WAF, and edge compute
- Architect and operate Cloudflare Zero Trust — including Access policies, Tunnel configuration for private network routing, Gateway egress filtering and DNS security policies, and WARP client deployment
- Manage and tune AWS-native security tooling: GuardDuty, Security Hub, Config, Inspector, CloudTrail, and WAF
- Integrate security controls into CI/CD pipelines (GitHub Actions) — including SAST, DAST, container image scanning, dependency vulnerability checks, and secrets detection
- Enhance container and workload security through image signing, admission controllers (Kyverno), runtime policies, and base image hygiene
- Manage dependency and patch lifecycle across Docker images, Helm charts, Terraform modules, and application packages
- Own and operate security monitoring and incident response: maintain SIEM/log aggregation pipelines, tune alerting for anomalous behavior and policy violations, lead root cause analysis, and document post-mortems
- Conduct and coordinate vulnerability assessments; track findings through to remediation
- Automate compliance checks and drift detection using infrastructure scanning and policy-as-code tooling
- Participate in on-call rotation to respond to security and infrastructure incidents
- Support SEC and FINRA compliance obligations by implementing and documenting technical controls, and partner with legal and compliance teams during audits and regulatory reviews
- Document infrastructure patterns, access controls, and security architecture for audit readiness

Qualifications:-
- 7+ years of experience in information technology or cloud infrastructure
- 5+ years of experience in infrastructure, security engineering, or DevOps — with meaningful hands-on overlap across all three
- Strong AWS expertise across security-relevant services: IAM, VPC, GuardDuty, Security Hub, Config, CloudTrail, Secrets Manager, KMS, Network Firewall, and PrivateLink
- Production experience with Cloudflare Zero Trust — Access, Tunnel, Gateway, and WARP; familiarity with Cloudflare Workers or edge compute is a plus
- Solid AWS networking knowledge: VPC design and segmentation, Transit Gateway, PrivateLink, Route 53 Resolver, and Network Firewall in a multi-account environment
- Strong Infrastructure-as-Code skills using Terraform and Terragrunt
- Hands-on experience securing CI/CD pipelines: SAST, container scanning, secrets detection, and policy gates in GitHub Actions or similar
- Experience operating a security observability stack; Datadog is our current platform and familiarity with it is a plus
- Experience operating in a regulated financial services environment and the compliance obligations that come with it
- Experience with vulnerability management lifecycle: scanning, prioritization, tracking, and remediation
- Proficiency in at least one scripting or programming language: Python, Go, Bash, or TypeScript
- Strong written communication skills — able to produce documentation that satisfies both engineering and audit audiences

Nice to Have:-
- Kubernetes/EKS experience at any depth — even working familiarity is valued
- Experience with blockchain infrastructure or digital asset platforms
- Any of the following certifications are valued but not required: AWS Certified Security – Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Kubernetes Security Specialist (CKS)
- Experience with AI-assisted tooling in DevOps or security workflows
- Background contributing to or managing vendor security reviews and third-party risk assessments
- Experience working in a highly regulated financial services environment — broker-dealer, RIA, ATS, or custodian — with direct exposure to SEC or FINRA examinations
- Familiarity with Regulation S-P breach notification workflows, FINRA Rule 4530 incident reporting, or AML/BSA technical control implementation

Benefits:-
- Competitive salary based on experience
- Excellent benefits including: Health, Vision & Dental Insurance
- Fully remote position with equipment provided

Prometheum is an equal opportunity employer.