Web3 Security Engineer

The Company

A leading asset tokenization company, with over $1.5B in assets on-chain and EU regulatory approval, is actively seeking to enhance its security posture as it rapidly scales. This innovative project operates at the critical intersection of DeFi, institutional finance, and regulatory compliance, focused on bringing real-world assets on-chain with full DeFi composability. The team is characterized by its small size, technical expertise, and agile execution, deeply valuing individuals who are builders, take strong ownership, and are profoundly committed to protecting the integrity of their work.

The Role: Web3 Security Engineer

We are seeking the company's inaugural Web3 Security Engineer to take complete ownership and build out the entire security function from the ground up. This comprehensive role encompasses both web2 and web3 security domains, including infrastructure hardening, robust monitoring, efficient incident response, thorough penetration testing, regulatory compliance, and critical on-chain security measures. This is a fully hands-on, technical position, explicitly not a management or purely strategic role. You will be directly responsible for building systems, writing configurations, and actively responding to incidents. Candidates with recent experience primarily focused on strategic planning or team management will not be prioritized.

What You Will Do

• Secure infrastructure across diverse cloud environments (GCP/AWS/Cloudflare), networks, and endpoints.
• Deploy advanced monitoring and detection tools (SIEM, anomaly detection, alerting) for both infrastructure and on-chain activity.
• Lead security audits, manage access controls, implement robust secrets management, and spearhead incident response.
• Ensure secure CI/CD pipelines, proactively manage dependencies, and enforce stringent supply chain security practices.
• Define comprehensive security policies, conduct internal training, and cultivate a security-first engineering culture.
• Manage key and wallet security, incorporating cutting-edge solutions like HSMs, MPC, and secure custody.
• Conduct or coordinate regular penetration testing and red teaming activities to identify vulnerabilities.
• Drive critical compliance efforts related to SOC2, ISO27001, and GDPR standards.
• Assess security risks associated with external tools, vendors, and critical integrations.
• Manage relationships with external auditors and bug bounty platforms to enhance security.

What You Bring To The Table

• Strong hands-on experience in security engineering across infrastructure, cloud, or product security domains.
• 2+ years of dedicated experience in infrastructure security, operations, or penetration testing within blockchain/web3 or high-scale fintech environments.
• Proven experience with threat modeling, vulnerability remediation, and incident response at an organizational level.
• A generalist mindset coupled with the proven ability to build a comprehensive security function from scratch.
• Recognized credibility within the blockchain or web3 security community, supported by strong references from respected projects or companies.

Ideal Backgrounds

Ideal candidates include current or former Senior/Staff Security Engineers, Security Architects, or individuals in similar roles from high-caliber crypto/web3 organizations with substantial recent operational exposure.

What You Will Get

• Competitive base salary ranging from $150k to $250k USD.
• Significant equity component as part of the total compensation package.
• Full ownership of a critical security function at a company scaling past $1B TVL.
• Access to a remote-first team environment that values trust, speed, and high standards.
• Direct access and collaboration with engineering and leadership teams.

Key skills/competency

• Web3 Security
• Infrastructure Security
• Cloud Security (GCP/AWS)
• Incident Response
• Compliance (SOC2, ISO27001, GDPR)
• Penetration Testing
• Key Management (HSM, MPC)
• Threat Modeling
• Smart Contract Security
• DevSecOps