Fireblocks Implementation & Key Management Specialist

Location: Austin, TX or San Francisco, CA (Hybrid)

Role Summary
We are seeking a Fireblocks Implementation & Key Management Specialist to own the end-to-end deployment, configuration, and operational governance of the Fireblocks platform within our Centralized High-Speed Blockchain Payment Rail. This role is the organizational authority on Fireblocks MPC-CMP key management, institutional wallet architecture, and cryptographic key lifecycle across 1,800+ connected institutions.

You will implement the Fireblocks MPC-CMP protocol delivering 1-round signing (8x faster than generic MPC), architect split private key structures with automatic minute-interval refresh, and integrate Intel SGX hardware enclaves for tamper-resistant key operations. You will design Policy Engine configurations governing transaction authorization, co-signer workflows, and threshold governance for the payment rail.

The role bridges Security Engineering, Blockchain Engineering, and Compliance, ensuring that key management infrastructure meets SOC 2 Type 2, PCI DSS, ISO 27001, and C4 CCSS QSP Level 3 certification standards while sustaining 100K+ TPS throughput with sub-second finality.

Key Responsibilities
Lead the full Fireblocks platform implementation: workspace configuration, API co-signer setup, MPC key generation ceremonies, and HSM integration
Architect and deploy Fireblocks MPC-CMP key management with 1-round signing, split key shares across geographic nodes, and automated key refresh cycles at minute intervals
Configure and manage the Fireblocks Policy Engine: define authorization rules, multi-level approval workflows, transaction velocity limits, and role-based signing thresholds
Integrate Intel SGX enclaves for hardware-isolated key storage and signing operations, ensuring private key material never leaves secure enclave boundaries
Design and execute key generation ceremonies for root keys with multi-sig governance, air-gapped signing environments, and quorum-based recovery procedures
Own the Fireblocks Network topology connecting 1,800+ institutional counterparties: manage workspace listing, API key provisioning, and secure channel establishment
Implement automated key rotation schedules, emergency key revocation workflows, and disaster recovery procedures with RPO=0 targets
Integrate Fireblocks SDK with the Hyperledger Fabric endorsement layer: map Fabric MSP identities to Fireblocks vault accounts and signing policies
Build and maintain audit trails for all key operations: signing events, policy changes, key rotations, and access control modifications for regulatory evidence
Conduct Fireblocks-specific penetration testing, red team simulations, and chaos drills including co-signer node failures and key shard loss scenarios
Collaborate with the Security & Cryptography Engineer on ZK-proof anchoring workflows and cross-chain signing requirements for Ethereum bridge operations
Serve as primary liaison with Fireblocks customer success and engineering teams for platform upgrades, vulnerability disclosures, and custom integration support
Produce and maintain operational runbooks, key management policies, and compliance documentation for SOC 2 / ISO 27001 audit evidence

Required Qualifications
7+ years in security engineering or key management, with 3+ years hands-on Fireblocks platform deployment and administration
Deep expertise in Fireblocks MPC-CMP protocol: vault account architecture, API co-signer configuration, workspace policy management, and Fireblocks SDK integration
Strong understanding of MPC threshold signing schemes: MPC-CMP, GG18/GG20, FROST - protocol mechanics, security assumptions, and operational trade-offs
Experience designing and executing cryptographic key ceremonies: air-gapped environments, Shamir Secret Sharing, quorum procedures, and hardware token integration
HSM integration experience: Thales Luna, AWS CloudHSM, Azure Dedicated HSM, or equivalent enterprise-grade hardware security modules
Intel SGX/TDX enclave programming or integration experience: enclave lifecycle management, remote attestation, and sealed storage
PKI infrastructure: X.509 certificate lifecycle, CA hierarchy design, mTLS provisioning, and automated certificate rotation
Regulatory compliance implementation: SOC 2, PCI DSS, ISO 27001, and blockchain-specific frameworks (C4 CCSS QSP)
Proficiency in Go, Python, or Node.js for Fireblocks SDK integration, automation scripting, and key management tooling
BS/MS in Computer Science, Cryptography, or Information Security

Preferred Qualifications
Fireblocks Certified Implementation Partner (FCIP) designation or equivalent Fireblocks platform certification
Experience integrating Fireblocks with Hyperledger Fabric, Stellar Network, or other permissioned blockchain frameworks
Knowledge of FIPS 140-2/3 Level 3/4 compliance requirements for cryptographic modules
Travel Rule protocol implementation for cross-border compliance (IVMS 101, OpenVASP, or TRP)
Published research or open-source contributions in applied cryptography or MPC protocols
Financial services regulatory background: GLBA, FFIEC, Reg SP, or equivalent institutional custody frameworks
CISSP, CISM, CEH, or GIAC GREM certification
Prior custody or prime brokerage technology experience at a financial institution or digital asset custodian