Crypto Asset Custody and Security Engineer at Reap

Singapore, Hong Kong Island, Singapore -

Full Time

Start Date

Immediate

Expiry Date

09 Mar, 26

Salary

0.0

Posted On

09 Dec, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Crypto Custody, Blockchain Operations, Digital Asset Security, SSO, IAM/RBAC, MFA Enforcement, ICT Governance, Risk Management, Incident Response, Operational Resilience, Documentation Discipline, Key Lifecycle Controls, Multisig Flows, HSMs, Change Management, Monitoring

Industry

Information Technology & Services

Description

Security · APAC · Hybrid / Remote Crypto Asset Custody & Security Engineer (DORA‑Aligned) Help reinvent global finance with secure, resilient digital asset infrastructure. At Reap, you'll be the security backbone behind our custody operations-shaping how private keys are protected, how wallets operate at scale, and how our ICT controls meet DORA with confidence. You'll blend hands‑on security engineering with governance craft, raising the bar on operational resilience across our products and platforms. Security at Reap Reap builds financial connectivity for a multi‑rail world-traditional finance, stablecoins, and real‑time payments. Security is foundational to that mission. We're looking for a pragmatic engineer who can turn regulation into robust systems, and complex threats into clear controls. You'll partner with Engineering, Risk, and Operations to keep value moving safely, globally, and 24/7. What you'll do Custody security engineering Operate and harden custody environments across hot, warm, and cold storage. Own key lifecycle controls: secure creation, rotation, backup, recovery, and destruction, aligned to DORA secure ICT operations (Art. 9). Support and evolve multisig flows, HSMs, and offline signing patterns. Monitor wallet transaction flows and signals for anomalies, abuse, and drift. Establish secure configuration baselines, hardening guides, and change controls for custody systems. Access, SSO, and lifecycle Enforce strict segregation of duties and RBAC in line with DORA principles (Art. 6). Administer SSO integrations and joiner‑mover‑leaver lifecycle for custody participants. Drive MFA everywhere it matters, least‑privilege defaults, and periodic access reviews. ICT governance and DORA compliance Co‑author policies, standards, and procedures for custody security and change management (Art. 5). Keep control inventories, evidence, and audit‑ready documentation current. Run or support risk assessments for keys, wallets, and asset movement (Art. 8). Contribute to oversight of third‑party custody providers and critical vendors (Art. 30). Incident response and resilience Tune monitoring for custody alerts: wallet anomalies, access violations, and key events. Triage, escalate, and document incidents in accordance with DORA (Art. 17-19). Maintain DR procedures for custody systems and key backups (Art. 28) with tested RTO/RPO. Design and run resilience scenarios: key loss, wallet malfunction, chain instability. Cross‑functional impact Partner with Product, Platform, Data, and Compliance to land controls that scale. Turn regulatory expectations into clear, testable engineering outcomes. Communicate risk and trade‑offs crisply to technical and non‑technical stakeholders. About you Essential Hands‑on experience in crypto custody, blockchain operations, or digital asset security. Deep understanding of custody risks: key compromise, misuse of signing authority, replay and chain instability. Practical knowledge of SSO, IAM/RBAC, MFA enforcement, and SoD in high‑sensitivity environments. Familiar with ICT governance and risk management under DORA (Art. 5-9) and operational resilience and incident obligations (Art. 17-20, 28-30). Strong documentation discipline and an evidence‑first mindset. Nice to have Experience in a regulated financial or digital asset institution. Exposure to institutional custody platforms and enterprise KMS/HSMs. Audit readiness and control testing background, e.g., SOC 2 or ISO 27001. Relevant security or blockchain certifications or equivalent demonstrated expertise. How you work Systems thinker with a builder's bias-able to ship secure defaults and iterate. Clear communicator who can translate regulation into engineering patterns. High integrity and reliability in sensitive custody domains. What you'll work with Multisig wallets, HSMs, hardware wallets, and offline signing setups. Secure key ceremonies, tamper‑evident backup, and recovery playbooks. Monitoring and analytics across wallet activity, access, and infra posture. Change management, evidence collection, and control automation. What this role offers Direct impact on DORA‑aligned custody controls and operational resilience. A front‑row seat at the intersection of security engineering and governance. Influence over security architecture and custody operating models. Growth paths into governance, architecture, or custody security leadership. Benefits you'll enjoy A vibrant, inclusive work culture. Annual leave to relax and recharge, plus public holidays. Health insurance budget. Be part of a fast‑growing global team. Flexible remote work options. Home office equipment budget. Your own Corporate Reap Card-no more out‑of‑pocket spending. About Reap Reap is a leading global payment technology provider that enables financial connectivity and access for businesses worldwide. By merging traditional finance with digital assets, bridging disparate economies, and connecting key financial players, we are transforming the financial landscape into a more interconnected and interoperable space for efficient money movement. With stablecoin‑enabled corporate cards, payout solutions, and expense management tools, we streamline financial operations and empower businesses to scale. Our APIs enable businesses to embed finance into their own products and services, from issuing Visa cards to facilitating cross‑border payments. Reap is supported by a strong network of investors, including Acorn Pacific Ventures, Arcadia Funds, HashKey Capital, Hustle Fund, Fresco Capital, Abacus Ventures, and Payment Asia. Founded in 2018 Coworkers 300+

Responsibilities

The role involves custody security engineering, including operating and hardening custody environments and monitoring wallet transaction flows for anomalies. Additionally, the engineer will co-author policies and support risk assessments to ensure compliance with DORA.