Principal Security Architect

Since being founded in 2018 Copper has been building the standard for institutional digital asset infrastructure with a focus on custody collateral management and prime services.

Led by Amar Kuchinad Coppers Global CEO the firm provides a comprehensive suite of custody trading and settlement solutions that reduce counterparty risk and bring greater capital and operational efficiency to digital asset markets. At the heart of Coppers offering is Multi-Party Computation (MPC) technology the gold standard in secure custody. Coppers multi-award winning custody system is unique in that it can be connected to centralised exchanges DeFi applications and even staking pools without the assets leaving the custody.

Built on top of this state-of-the-art custody ClearLoop is the first solution in the market that overcomes a growing industry challenge; counterparty risk with exchanges. This solution underpins a full prime services offering connecting global exchanges and enabling customers to trade and settle directly from the safety of their MPC-secured wallets. By reducing settlement time for transfers to a few milliseconds (without blockchain network dependency) and offering enhanced security measures ClearLoop is rapidly reshaping the way asset managers trade and manage capital.

In addition to industry-leading security certifications Copper has one of the strongest insurance coverages in the industry from an A rated insurer positioning the firm as the partner of choice for institutions seeking to safeguard their assets.

Department/Team Purpose:

Copper provides institutional digital asset custody settlement and collateral management services across a wide range of blockchains and integrated venues. Information Security protects the firms platforms client assets and regulated entities across the group.

Role Purpose:

The Principal Security Architect is the senior technical authority for security architecture atCopper. The role reports to the CISO and partners closely with Engineering. The holder sets architectural direction reviews and approves designs for major change and acts as the firms reference point on the security of the systems protocols and integrations Copper depends on. The role ispredominantly architectureand assurance with limited hands-on solution design in the cloud and integration space where reference patterns are needed.

Key Responsibilities:

Architectural authority

• Hold formal security sign-off authority for major changes to Coppers platforms infrastructure and integrations.
• Shape andmaintainthe security architecture patterns principles and reference designs that engineering teams build against.
• Provide the senior technical security position in architectural and business decisions including escalations where security and delivery pressures conflict.

Custody signing and cryptographic architecture

• Provide architectural security leadership over Coppers signing infrastructure working alongside specialist engineering and cryptography teams. Scope covers the people process and operational design around MPC-based signing. Solid conceptual grounding in threshold cryptography and signature schemes isrequired; cryptographer-level work is not.
• Review and approve changes to transaction construction signing flows approval policy and key lifecycle operations.
• Provide architectural assurance over chain-of-trust constructsadjacent tocustody including verifiable build pipelines hardware-backed code signing and authenticator-bound administrative paths.

Multi-chain and integration security

• Reason at architectural depth across the range of blockchains Copper supports including EVM UTXO and account-based non-EVM families. This requires a working understanding of transaction construction signing semantics consensus assumptions and validator and staking models across these environments without being a protocol engineer in any of them.
• Assess third-party smart contract architectures implementations and audit reports to a level sufficient to understand the exploit and risk surface without performing line-by-line code review.
• Review first-party integrations with partner networks including those underpinning staking and similar on-chain participation and form a defensible security position on the operational and contract risk Copper inherits.

Settlement collateral and off-exchange architecture

• Provide architectural ownership of the security model for Coppers settlement collateral mirroring and off-exchange product surfaces.
• Reason about the trust boundaries betweenCopper venues and clients and ensure architectural controls match the obligations each side carries.

Identity and access architecture

• Own identity and access architecture as a dedicated pillar of the role.
• Set patterns for workforce workload and third-party identity across Entra ID federated SSO OAuth2 / OIDC SAML and modern authenticators.
• Govern entitlement design privileged access and access models for contractors vendors and external operators.

Cloud and platform security

• Maintain working architectural fluency in both AWS and Azure includingnetwork topology segmentation secrets handling and platform telemetry.
• Produce reference patterns and where needed direct integration designs in the cloud and platform space.

Third-party and protocol risk

• Lead technical security review of vendors integrated venues and protocols including challenge of assurances that do not stand up to scrutiny.
• Support client and counterparty due diligence on the technical content most likely to be misrepresented or under-specified.

Policy regulatory and assurance support

• Maintain a working understanding of the regulatory regimes applicable to Coppers licensed entities sufficient to translate architectural decisions into language Compliance and GRC can defend. Primary ownership of regulatory positioning sits elsewhere.
• Contribute to security policy standards and control framework development as the senior technical reviewer.
• Participate in resilience exercises and incident reviews where architectural input materially shapes the outcome.

Skills and Experience:

Essential

• Multi-chain architectural literacy. Able to reason across EVM UTXO and non-EVM account-based chains at the level of transaction construction signing consensus and validator models. Comfortable assessing third-party smart contract designs implementations and audit reports for exploit and risk surface without performing code review.
• Custody and signing architecture. Strong conceptual grasp of threshold signing signature schemes and key lifecycle. Able to design and challenge the operational architecture around signingseparation of duties approval policy key ceremony equivalents in MPC and recoveryto a high standard.
• Settlement and collateral architecture. Demonstrable experience reasoning about settlement collateral and off-exchange constructs including trust boundaries between custodians venues and clients.
• Identity and access architecture. Senior-level experience designing and governing identity across Entra ID federated SSO OAuth2 / OIDC SAML and modern authenticators. Comfortable with entitlement governance and third-party access design.
• Cloud security. Working architectural understanding of AWS and Azure including the ability to produce reference patterns and limited direct integration designs.
• Architectural authority and judgement.Track recordof holding sign-off on significant designs taking defensible positions under uncertainty and owning residual risk.
• Change review and assurance. Comfortable reviewing the work of engineering peers infrastructure changes and vendor designs and able to hold the line where it matters.
• Communication. Able tooperatecredibly with engineers senior business stakeholders auditors and regulators in the same week without losing precision at any of them.

Desirable

• Familiarity with chain-of-trust constructs including verifiable builds reproducible build pipelines and hardware-backed code signing.
• Awareness of the regulatory landscape relevant to digital asset custody and trading (for example FCA FINMA FSRA / ADGMMiCA).
• Compliance familiarity across ISO 27001 SOC 2 and NIST CSF / 800-53 with the ability to map controls cleanly between them.
• Enterprise architecture grounding (TOGAF SABSA) where it complements rather than replaces technical depth.

Why Copper

At Copper we keep innovation openness and curiosity at the centre of everything we do. Here bold ideas get the spotlight learning is constant and diversity shapes our team from the ground up.

Jump into a fast-moving dynamic team that loves a challenge and knows how to have fun along the way. Collaboration is just as important as resultsyoull be surrounded by smart driven colleagues in London and across our APAC Switzerland UAE and US offices.

Hybrid working model we believe in the value of bringing people together and at the same time we embrace the adaptability of flexibly working.

Diversity and inclusion matter to us theyre woven into Copper life. From employee-led groups like Women at Copper to a committee focused on community and wellbeing youll have a network that supports you from day one. Everyone voice matters.

If youre looking to ramp up your career or keen to do something new in your field with us youll keep moving forward.

Ready to make your mark keep growing and join a supportive dynamic team Coppers the place.

The interview process at Copper

Our interview process is designed to be thoughtful efficient and engaging. While specific steps may vary slightly depending on the role the typical journey includes:

1. Initial Screening A brief conversation with our Talent Acquisition team to explore your background motivations and alignment with the role.
2. Technical Interview A virtual session conducted via Microsoft Teams where youll engage with team members to discuss relevant skills problem-solving approaches and technical experience.
3. In-Person Interview A conversation focused on team dynamics collaboration style and any final technical questions. This may be with cross-functional peers or leadership.

Additional steps may be added based on the roles complexity or seniority. We aim to keep the process transparent and respectful of your time.

Benefits

In return for everything you can bring to Copper we can offer you an exciting challenging role in a fast-growing and dynamic business with career opportunities and welcoming working environment. Some of our key UK benefits are highlighted below:

• Paid Time Off - A minimum of 35 days of paid time off per year inclusive of annual leave and public holidays. Employees also receive one additional day of annual leave for each year of service.
• Comprehensive Medical Insurance - Inclusive of dental optical audiology and mental health coverage with medical history disregarded
• Life Insurance
• Enhanced Pension Contributions - Includes an enhanced employer matching contribution
• 24/7 Employee Assistance Programme (EAP)

If you think you have everything were looking for and more then wed love you to apply for the opportunity.

Copper is an equal opportunity employer. We embrace diversity and equal opportunities in a serious way. We are committed to building a team that represents a variety of backgrounds perspectives and skills. The more inclusive we are the better our work will be. So bring us your experience perspectives and skills. It is in our differences that we will continue to grow and ensure Copper is transforming how institutional investors engage with digital assets. Copper is a Disability Confident Employer please let us know if you have a disability. If you require us to provide any assistance during the recruitment process then we would ask you to highlight this to us and we will be happy to accommodate.