Staff Security Engineer

Hi, we're Ondo Finance. Our mission is to provide institutional-grade, blockchain-enabled investment products and services. We have both a technology arm that develops decentralized finance technology, and an asset management arm that creates and manages tokenized funds. We were the first company to tokenize exposure to US Treasuries, and have since expanded into several other assets. We are also focused on incubating protocols that can support both tokenized real-world assets and traditional crypto.Founded by folks from Goldman Sachs Digital Assets Team, we’re backed by some of the best investors in the world including Founders Fund, Coinbase Ventures, Pantera Capital, Tiger Global, and more.

We are currently the leaders in the space in terms of AUM and are well capitalized to continue growing the firm. We're fully remote, with team members across the U.S.

Ondo is looking for an experienced Staff Security Engineer. You will be someone with experience working at a fast moving crypto organization, that is able to demonstrate strong expertise in blockchain, web app and cloud security.As our first dedicated security engineering hire, you will have tons of ownership from day 1 and a clear path to progress within the organization, building out our security programs from the ground up.If you are equally passionate about DeFi and cybersecurity, this could be a great opportunity to apply for.

i.e. What should the world look like if you’re doing your job well?•Ondo Remains Secure and Trustworthy: Ondo’s systems are secure, protecting digital assets, sensitive data, and reputation.

•Strengthened Reputation as an Industry Leader in Security: Ondo builds a reputation for top-tier security, setting industry standards.

•Product Security: Partner with product and engineering teams to integrate security reviews, develop tooling, monitor for threats, and manage bug bounty programs.•Organization Level Security: Ensure compliance with regulations, safeguard data, and enhance fraud detection across the company.•Product Risk Management: Lead the product risk program, implementing and testing incident response protocols.•Security Monitoring And Reporting: Oversee monitoring for risks, both internal and external, and lead the reporting of security incidents.•Partner and Client Diligence: Oversee monitoring for risks, both internal and external, and lead the reporting of security incidents.

•Based in PT, MT, CT, or ET time zones.•Excellent technical and non-technical communication skills, verbal and written.•Proven experience in risk assessments, vulnerability assessments, and penetration testing.•5+ years of securing modern software systems, with a focus on blockchain technology.•Deep expertise in securing blockchain-based applications and infrastructure.

•Experience with auditing, static analysis, fuzz testing, and formal verification of smart contracts for any of the following languages: Solidity, Rust-Solana, Move, Go.•Deep networking experience (Firewalls, VPNs, load balancing, networking protocols, Wireshark, etc).•Experience with modern security tooling (BurpSuite, Metasploit, etc).•An understanding of modern bridging fundamentals and interoperability protocols.•A deep understanding of multisignature technology and cold storage (Fireblocks, Gnosis Safe, etc).•Experience building secure CI/CD systems, particularly for smart contract deployments.

•Competitive compensation including salary, future token rights, and/or equity (according to your preferences) — we're well-funded and believe that great talent deserves great compensation.•Full benefits (medical, vision, and dental) and flexible vacation policy (PTO).•Small remote-first team across many countries — you'll be an early team member helping shape our vision, culture, and design practices.•A+ colleagues — our team includes alumni from Goldman Sachs Digital Assets, SpaceX, AWS, DeFi protocols like BadgerDAO, private equity funds, hedge funds, and various VC-backed startups.•Best-in-class investors — we are proud to be backed by leading crypto experts (incl.

founders of Aave, Quantstamp, and Anchorage) and funds (incl. Pantera, Genesis, DCG, Coin Fund, and CMS).Apply for this job