Security Analyst
Aptos Foundation · European Union
- Hybrid
- Full-time
- $100,000 / year
- European Union
Job highlights
- Support security operations and scale initiatives.
- Handle phishing, bug bounty, and access governance.
- Collaborate across technical and non-technical teams.
- Work independently in a remote-first environment.
- Develop broad security experience in a fast-paced org.
About the role
Security Analyst
Aptos Foundation is seeking a Security Analyst to help operate and scale security across the organization. Reporting to the Security Lead, this role will support core security workflows spanning phishing response, bug bounty operations, access governance, and operational security hygiene. This is a hands-on, cross-functional role offering broad exposure across security operations, access governance, and threat response—ideal for someone looking to develop a wide view of security in a fast-moving organization.
About the Role
This role will support core security workflows spanning phishing response, bug bounty operations, access governance, and operational security hygiene.
Responsibilities
- Respond to and triage alerts relating to phishing attacks, impersonation, scams, and brand abuse (e.g. Sublime, Doppel), escalating credible threats where appropriate.
- Coordinate day-to-day operation of the bug bounty program, including communication with researchers, issue tracking, reporting, and internal follow-up.
- Conduct user access reviews and review security settings, access configurations, and administrative controls across business systems, SaaS platforms, and internal infrastructure, tracking remediation where required.
- Support recurring operational security workflows, including documentation, process tracking, and follow-up.
Qualifications
- 2+ years of experience in a security-focused role, such as security operations, IAM, application security support, operational security, or a similar domain.
Required Skills
- Familiarity with core security concepts including phishing, authentication, access control, least privilege, and common vulnerability classes.
- Ability to manage multiple concurrent workflows with strong attention to detail and reliable follow-through.
- Clear written communication and confidence coordinating across technical and non-technical stakeholders.
- Self-motivated, organized, and comfortable operating independently in a remote-first environment with minimal supervision.
Preferred Skills
- Experience automating operational workflows using LLMs or AI tooling (e.g. Claude).
- Familiarity with common web application vulnerabilities (e.g. OWASP Top 10).
- Exposure to vulnerability disclosure / bug bounty workflows.
- Experience with SaaS administration, access reviews, or IAM processes.
- Experience in web3 environments or familiarity with common web3 threat patterns.
We are committed to diversity in the workplace, and we’re proud to be an Equal Opportunity Employer. We do not hire on the basis of race, color, religion, creed, gender, national origin, citizenship, age, disability, veteran status, marital status, pregnancy, parental status, sex, gender expression or identity, sexual orientation, or any other basis protected by local, state or federal law. All employment is decided based on qualifications, merit, and business need.
Key skills/competency
- Security Operations
- Phishing Response
- Bug Bounty Operations
- Access Governance
- IAM
- Threat Response
- Operational Security
- Vulnerability Management
- Risk Assessment
- Security Hygiene
Skills & topics
- Security Analyst
- Security Operations
- Phishing Response
- Bug Bounty
- Access Governance
- IAM
- Threat Response
- Operational Security
- Vulnerability Management
- Security Hygiene
- LLM
- AI
- OWASP
- Web3
- SaaS Administration
- Remote
How to get hired
- Tailor your resume: Highlight 2+ years in security ops, IAM, or app security, emphasizing phishing response and bug bounty experience.
- Showcase essential skills: Clearly articulate your familiarity with core security concepts like access control and least privilege in your application.
- Demonstrate communication skills: Provide examples of coordinating with both technical and non-technical stakeholders for Aptos Foundation.
- Emphasize remote readiness: Detail your self-motivation and organizational skills for independent work in a remote setting.
Technical preparation
Familiarize with phishing, authentication, and access control.,Understand common vulnerability classes and OWASP Top 10.,Review bug bounty program operations and disclosure workflows.,Explore IAM processes and SaaS administration best practices.
Behavioral questions
Describe a time you handled multiple urgent tasks.,How do you ensure attention to detail in your work?,Share an experience coordinating with diverse stakeholders.,How do you operate independently with minimal supervision?
Frequently asked questions
- What are the primary responsibilities of a Security Analyst at Aptos Foundation?
- The Security Analyst at Aptos Foundation will be responsible for core security workflows including phishing response, bug bounty operations, access governance, and maintaining operational security hygiene. You will triage security alerts, coordinate bug bounty programs, conduct access reviews, and support recurring security operations.
- What experience is required for the Security Analyst role at Aptos Foundation?
- A minimum of 2 years of experience in a security-focused role is required. This can include experience in security operations, Identity and Access Management (IAM), application security support, or operational security.
- Is this a remote position at Aptos Foundation?
- Yes, the job description explicitly states that this is a remote-first environment. Aptos Foundation is looking for candidates who are comfortable operating independently with minimal supervision in a remote setting.
- What technical skills are most important for this Security Analyst position?
- Key technical skills include familiarity with core security concepts such as phishing, authentication, access control, and least privilege. Experience with common vulnerability classes and optionally, web application vulnerabilities (OWASP Top 10) and web3 threat patterns is also valuable.
- How does Aptos Foundation approach diversity and inclusion for Security Analyst roles?
- Aptos Foundation is committed to diversity and is an Equal Opportunity Employer. They hire based on qualifications, merit, and business needs, not on protected characteristics, ensuring a fair and inclusive hiring process for all candidates.
- What are the preferred skills for a Security Analyst at Aptos Foundation?
- Preferred skills include experience automating operational workflows with AI/LLMs, familiarity with the OWASP Top 10, exposure to bug bounty programs, SaaS administration/IAM processes, and knowledge of web3 environments or threat patterns.