Specialist, Digital Asset Security

About Bullish

Bullish is an institutionally focused global digital asset platform that provides market infrastructure and information services. These include: Bullish Exchange – a regulated and institutionally focused digital assets spot and derivatives exchange, integrating a high-performance central limit order book matching engine with automated market making to provide deep and predictable liquidity. Bullish Exchange is regulated in Germany, Hong Kong, and Gibraltar. CoinDesk Indices – a collection of tradable proprietary and single-asset benchmarks and indices that track the performance of digital assets for global institutions in the digital assets and traditional finance industries. CoinDesk Data - a broad suite of digital assets market data and analytics, providing real-time insights into prices, trends, and market dynamics. CoinDesk Insights – a digital asset media and events provider and operator of Coindesk.com, a digital media platform that covers news and insights about digital assets, the underlying markets, policy, and blockchain technology.

Reports to:

Head of Digital Asset Security

The Role
At Bullish, we don’t just move digital assets; we protect them. As a Specialist, Digital Asset Security, you are a "Guardian of the Vault." You will master institutional-grade crypto security—from managing Hardware Security Modules (HSMs) to executing high-stakes key ceremonies. This role bridges deep-tech engineering with the operational rigor of a world-class exchange.

Core Responsibilities

• Custody Operations (24/7): Ensure the resilience of the Bullish Custody platform. As part of a global team, you will maintain cryptographic systems to meet the demands of a live exchange.

• Note: This role may require shift work to support 24/7 global operations.

• 3rd Party Custody Support: Serve as a technical contact for partners (e.g., BitGo, Fireblocks, Fordefi), managing integrations and monitoring provider health.

• Security Automation: Use Python and Bash to automate security checks, parse logs, and eliminate human error in operational workflows.

• AI-Augmented Operations: Leverage AI/LLMs to deconstruct system alerts, optimise scripts, and increase operational bandwidth.

• Key Ceremonies & Playbooks: Participate in scripted private key management (key ceremonies) and maintain audit-ready documentation (ISO 27001, SOC 2).

• Cross-Functional Collaboration: Partner with global Dev and DevOps teams to integrate security into every stage of the product lifecycle.

Required Competencies

• Experience: 1–2 years in Cybersecurity, Software Engineering, or technical finance with a "security-first" mindset.

• Technical Toolbox: Proficiency in Python, Bash , Linux, and macOS. You should be comfortable troubleshooting via the command line.

• The "Zero-Mistake" Mindset: Exceptional attention to detail; you understand that following protocol is non-negotiable.

• Crypto Foundations: Solid understanding of blockchain, PKI, and wallet architectures (MPC, Multi-sig).

• Technical Curiosity: A drive to understand the "why" behind the "how" —from PC building to open-source experimentation.

• Communication: Fluent English; ability to collaborate effectively across global time zones.

Desirable Skills

• Hardware: Experience with HSMs, YubiKeys, or TPMs.

• Platforms: Familiarity with GCP , Terraform, Docker, or Datadog.

• Vendors: Prior use of Fireblocks, BitGo, or Fordefi APIs.

• Modern Workflow: Proficiency with AI-assisted engineering (e.g., GitHub Copilot, Gemini).

Bullish is proud to be an equal opportunity employer. We are fast evolving and striving towards being a globally-diverse community. With integrity at our core, our success is driven by a talented team of individuals and the different perspectives they are encouraged to bring to work every day.