Lead Security Engineer
Job Description:
Location: Remote, EU/US
Salary: Competitive
Role Overview
We are seeking our first Security Engineer to own and build the security function of our company, spanning both Web2 and Web3 environments. This critical role will protect our infrastructure, products, and users as we scale beyond $1B TVL. You will collaborate closely with engineering, DevOps, and leadership teams to design and implement security best practices across the organization.
Responsibilities
Web2 & Web3 Security: Secure smart contracts, APIs, and user-facing applications.
Infrastructure Security: Harden GCP, AWS, and Cloudflare environments, networks, and endpoints.
Supply Chain Security: Ensure secure build and deployment processes through CI/CD hardening, dependency governance, artifact signing, and comprehensive SBOM management.
Monitoring & Detection: Deploy monitoring tools such as SIEM, anomaly detection, and alerts for infrastructure and on-chain activity.
Company Security Posture: Lead security audits, access controls, secrets management, and incident response.
Policies & Awareness: Define security policies, conduct internal training, and foster a culture of security-first engineering.
Vendor & Partner Due Diligence: Assess risks of external tools, services, and integrations.
Incident Response & Playbooks: Establish and manage incident response processes for potential threats, exploits, or breaches.
Nice to Have / Future Areas to Own
Compliance & Certifications: SOC2, ISO27001, GDPR alignment (initially with external partners).
Key & Wallet Security: HSMs, MPC, custody solutions for on-chain assets.
Red Teaming / Pen testing: Hands-on or coordinating with external providers.
Bug Bounty / External Research: Manage relationships with external auditors and bounty platforms.
What We’re Looking For
Strong experience in security engineering across infrastructure, cloud, or product domains.
Familiarity with blockchain/Web3 ecosystems and their unique threat models.
Ability to work as a generalist and builder, establishing the security foundation of the company.
Hands-on, pragmatic approach; comfortable being both architect and executor.