Fireblocks Implementation & Key Management Specialist
Share
Job Location:
Austin, TX - USA
Monthly Salary:
Not Disclosed
Posted on:
22 hours ago
Vacancies:
1 Vacancy
Job Summary
Job Title: Fireblocks Implementation & Key Management Specialist
Location: Austin TX or San Francisco CA (Hybrid)
Role Summary
We are seeking a Fireblocks Implementation & Key Management Specialist to own the end-to-end deployment configuration and operational governance of the Fireblocks platform within our Centralized High-Speed Blockchain Payment Rail. This role is the organizational authority on Fireblocks MPC-CMP key management institutional wallet architecture and cryptographic key lifecycle across 1800 connected institutions.
You will implement the Fireblocks MPC-CMP protocol delivering 1-round signing (8x faster than generic MPC) architect split private key structures with automatic minute-interval refresh and integrate Intel SGX hardware enclaves for tamper-resistant key operations. You will design Policy Engine configurations governing transaction authorization co-signer workflows and threshold governance for the payment rail.
The role bridges Security Engineering Blockchain Engineering and Compliance ensuring that key management infrastructure meets SOC 2 Type 2 PCI DSS ISO 27001 and C4 CCSS QSP Level 3 certification standards while sustaining 100K TPS throughput with sub-second finality.
Key Responsibilities
Lead the full Fireblocks platform implementation: workspace configuration API co-signer setup MPC key generation ceremonies and HSM integration
Architect and deploy Fireblocks MPC-CMP key management with 1-round signing split key shares across geographic nodes and automated key refresh cycles at minute intervals
Configure and manage the Fireblocks Policy Engine: define authorization rules multi-level approval workflows transaction velocity limits and role-based signing thresholds
Integrate Intel SGX enclaves for hardware-isolated key storage and signing operations ensuring private key material never leaves secure enclave boundaries
Design and execute key generation ceremonies for root keys with multi-sig governance air-gapped signing environments and quorum-based recovery procedures
Own the Fireblocks Network topology connecting 1800 institutional counterparties: manage workspace whitelisting API key provisioning and secure channel establishment
Implement automated key rotation schedules emergency key revocation workflows and disaster recovery procedures with RPO0 targets
Integrate Fireblocks SDK with the Hyperledger Fabric endorsement layer: map Fabric MSP identities to Fireblocks vault accounts and signing policies
Build and maintain audit trails for all key operations: signing events policy changes key rotations and access control modifications for regulatory evidence
Conduct Fireblocks-specific penetration testing red team simulations and chaos drills including co-signer node failures and key shard loss scenarios
Collaborate with the Security & Cryptography Engineer on ZK-proof anchoring workflows and cross-chain signing requirements for Ethereum bridge operations
Serve as primary liaison with Fireblocks customer success and engineering teams for platform upgrades vulnerability disclosures and custom integration support
Produce and maintain operational runbooks key management policies and compliance documentation for SOC 2 / ISO 27001 audit evidence
Required Qualifications
7 years in security engineering or key management with 3 years hands-on Fireblocks platform deployment and administration
Deep expertise in Fireblocks MPC-CMP protocol: vault account architecture API co-signer configuration workspace policy management and Fireblocks SDK integration
Strong understanding of MPC threshold signing schemes: MPC-CMP GG18/GG20 FROST - protocol mechanics security assumptions and operational trade-offs
Experience designing and executing cryptographic key ceremonies: air-gapped environments Shamir Secret Sharing quorum procedures and hardware token integration
HSM integration experience: Thales Luna AWS CloudHSM Azure Dedicated HSM or equivalent enterprise-grade hardware security modules
Intel SGX/TDX enclave programming or integration experience: enclave lifecycle management remote attestation and sealed storage
PKI infrastructure: X.509 certificate lifecycle CA hierarchy design mTLS provisioning and automated certificate rotation
Regulatory compliance implementation: SOC 2 PCI DSS ISO 27001 and blockchain-specific frameworks (C4 CCSS QSP)
Proficiency in Go Python or for Fireblocks SDK integration automation scripting and key management tooling
BS/MS in Computer Science Cryptography or Information Security
Preferred Qualifications
Fireblocks Certified Implementation Partner (FCIP) designation or equivalent Fireblocks platform certification
Experience integrating Fireblocks with Hyperledger Fabric Stellar Network or other permissioned blockchain frameworks
Knowledge of FIPS 140-2/3 Level 3/4 compliance requirements for cryptographic modules
Travel Rule protocol implementation for cross-border compliance (IVMS 101 OpenVASP or TRP)
Published research or open-source contributions in applied cryptography or MPC protocols
Financial services regulatory background: GLBA FFIEC Reg SP or equivalent institutional custody frameworks
CISSP CISM CEH or GIAC GREM certification
Prior custody or prime brokerage technology experience at a financial institution or digital asset custodian
Technical Skills Required
| Fireblocks Platform | MPC-CMP Protocol Policy Engine API Co-Signer Workspace Admin Fireblocks SDK Network Topology |
| Key Management | HSMs (Thales/AWS/Azure) Key Ceremonies Multi-sig Governance Key Rotation FIPS 140-2/3 |
| Cryptography | Threshold Signing (MPC-CMP FROST) ZK-Proofs Merkle Trees PKI/X.509 mTLS SGX Enclaves |
| Blockchain Integration | Hyperledger Fabric MSP Stellar Network Ethereum Signing Cross-chain Bridge Protocols |
| Compliance Frameworks | SOC 2 Type 2 PCI DSS ISO 27001 C4 CCSS QSP L3 Travel Rule / IVMS 101 |
| Languages & Tools | Go Python Fireblocks SDK OpenSSL AWS KMS Azure Key Vault |
| Identity & Access | PKI / X.509 Certificate Rotation mTLS OAuth 2.0 / JWT RBAC Policy Design |
| Observability | Audit Log Pipelines SIEM Integration SOC Operations Incident Response Runbooks |
