Security Analyst

<div class="content-intro"><p><span style="font-weight: 400;">Aptos is a people-first blockchain on a mission to help billions of people achieve universal and fair access to decentralized assets in a safe and scalable way.</span></p> <p><span style="font-weight: 400;">Founded by some of the original creators and maintainers that researched, designed, and built the Diem blockchain to serve this purpose, we have dedicated several years toward this mission. We believe the open-source Diem technology we have developed is an important foundation of a safe and scalable web3 world where everyone has more equitable opportunities to grow and access financial assets with lower fees and fewer intermediaries.&nbsp;&nbsp;</span></p> <p><span style="font-weight: 400;">Aptos (Ohlone for "The People") encompasses our mission and ethos for why we build.</span></p></div><p>Aptos Foundation is seeking a Security Analyst to help operate and scale security across the organization. Reporting to the Security Lead, this role will support core security workflows spanning phishing response, bug bounty operations, access governance, and operational security hygiene. This is a hands-on, cross-functional role offering broad exposure across security operations, access governance, and threat response—ideal for someone looking to develop a wide view of security in a fast-moving organization.</p> <h2><strong>Responsibilities</strong></h2> <ul> <li>Respond to and triage alerts relating to phishing attacks, impersonation, scams, and brand abuse (e.g. Sublime, Doppel), escalating credible threats where appropriate.</li> <li>Coordinate day-to-day operation of the bug bounty program, including communication with researchers, issue tracking, reporting, and internal follow-up.</li> <li>Conduct user access reviews and review security settings, access configurations, and administrative controls across business systems, SaaS platforms, and internal infrastructure, tracking remediation where required.</li> <li>Support recurring operational security workflows, including documentation, process tracking, and follow-up.</li> </ul> <h2><strong>Requirements</strong></h2> <ul> <li>2+ years of experience in a security-focused role, such as security operations, IAM, application security support, operational security, or a similar domain.</li> <li>Familiarity with core security concepts including phishing, authentication, access control, least privilege, and common vulnerability classes.</li> <li>Ability to manage multiple concurrent workflows with strong attention to detail and reliable follow-through.</li> <li>Clear written communication and confidence coordinating across technical and non-technical stakeholders.</li> <li>Self-motivated, organized, and comfortable operating independently in a remote-first environment with minimal supervision.</li> </ul> <h2><strong>Nice to Have</strong></h2> <ul> <li>Experience automating operational workflows using LLMs or AI tooling (e.g. Claude).</li> <li>Familiarity with common web application vulnerabilities (e.g. OWASP Top 10).</li> <li>Exposure to vulnerability disclosure / bug bounty workflows.</li> <li>Experience with SaaS administration, access reviews, or IAM processes.</li> <li>Experience in web3 environments or familiarity with common web3 threat patterns.</li> </ul> <p>&nbsp;</p> <p><span style="font-weight: 400;"><em data-stringify-type="italic">The base salary range for this full-time position is $120k - $180k. The range displayed on each job posting reflects the minimum and typical maximum target for new hire salaries for the position of a candidate based in the Bay Area at any level. We do hire exceptionally talented professionals with decades of experience in their field. As such, our range may be higher than what is displayed. Our base salary ranges are determined by experience and location, and we hire at all levels for multiple roles. Within the range, individual pay is determined by work location, job-related skills demonstrated during the interviews, working experience, and relevant education or training. Please note that the compensation details listed in role postings reflect the base salary only and do not include equity, tokens, or benefits.&nbsp;</em></span></p> <p class="p1">#LI-PG1</p><div class="content-conclusion"><p><strong>Our Benefits</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Equipment of your choice</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Flexible vacation time, 11 holidays, and floating company days off&nbsp;</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Competitive Salary</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Protocol Token Grants</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">401k matching (US Employees)</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Fun and inclusive in-person and digital events</span></li> </ul> <p><em><span style="font-weight: 400;">Aptos is committed to diversity in the workplace, and we’re proud to be an Equal Opportunity Employer. We do not hire on the basis of race, color, religion, creed, gender, national origin, citizenship, age, disability, veteran status, marital status, pregnancy, parental status, sex, gender expression or identity, sexual orientation, or any other basis protected by local, state or federal law. All employment is decided based on qualifications, merit, and business need.</span></em></p> <div class="p-client_container"> <div class="p-ia4_client_container"> <div class="p-ia4_client p-ia4_client--with-search-in-top-nav p-ia4_client--workspace-switcher-rail-visibletest p-ia4_client--narrow-feature-on p-ia4_client--theming"> <div class="p-client_workspace_wrapper"> <div class="p-client_workspace"> <div class="p-client_workspace__layout"> <div class="active-managed-focus-container"> <div class="p-view_contents p-view_contents--secondary p-view_contents--channel-list-pry"> <div class="p-flexpane p-flexpane--iap1 p-flexpane--ia_details_popover" data-qa="threads_flexpane"> <div class="p-flexpane__body p-threads_flexpane_container p-flexpane__body--light"> <div class="p-file_drag_drop__container p-threads_flexpane"> <div class="flex_one no_min_height"> <div id="C04PR3PB3EV-1709053205.177889-thread-list-Thread"> <div id="C04PR3PB3EV-1709053205.177889-thread-list-Thread" class="c-virtual_list c-virtual_list--scrollbar c-scrollbar c-scrollbar--always_visible"> <div class="c-scrollbar__hider" data-qa="slack_kit_scrollbar"> <div class="c-scrollbar__child"> <div class="c-virtual_list__scroll_container" data-qa="slack_kit_list"> <div id="C04PR3PB3EV-1709053205.177889-thread-list-Thread_1709059995.769659" class="c-virtual_list__item" data-qa="virtual-list-item" data-item-key="1709059995.769659"> <div class="c-message_kit__background c-message_kit__background--hovered c-message_kit__message c-message_kit__thread_message" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <div class="c-message_kit__hover c-message_kit__hover--hovered" data-qa-hover="true"> <div class="c-message_kit__actions c-message_kit__actions--default"> <div class="c-message_kit__gutter"> <div class="c-message_kit__gutter__right" data-qa="message_content"> <div class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <div class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <div class="p-block_kit_renderer" data-qa="block-kit-renderer"> <div class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <div class="p-rich_text_block"> <div class="p-client_container"> <div class="p-ia4_client_container"> <div class="p-ia4_client p-ia4_client--with-search-in-top-nav p-ia4_client--workspace-switcher-rail-visibletest p-ia4_client--narrow-feature-on p-ia4_client--theming"> <div class="p-client_workspace_wrapper"> <div class="p-client_workspace"> <div class="p-client_workspace__layout"> <div class="active-managed-focus-container"> <div class="p-view_contents p-view_contents--primary p-view_contents--channel-list-pry"> <div class="p-file_drag_drop__container"> <div class="p-workspace__primary_view_body"> <div class="p-message_pane p-message_pane--classic-nav p-message_pane--scrollbar-float-adjustment p-message_pane--with-bookmarks-bar" data-qa="message_pane"> <div class="c-virtual_list c-virtual_list--scrollbar c-message_list c-message_list--floating c-scrollbar c-scrollbar--fade"> <div class="c-scrollbar__hider" data-qa="slack_kit_scrollbar"> <div class="c-scrollbar__child"> <div class="c-virtual_list__scroll_container" data-qa="slack_kit_list"> <div id="1708738159.211909" class="c-virtual_list__item" data-qa="virtual-list-item" data-item-key="1708738159.211909"> <div class="c-message_kit__background c-message_kit__background--hovered p-message_pane_message__message c-message_kit__message" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <div class="c-message_kit__hover c-message_kit__hover--hovered" data-qa-hover="true"> <div class="c-message_kit__actions c-message_kit__actions--default"> <div class="c-message_kit__gutter"> <div class="c-message_kit__gutter__right" data-qa="message_content"> <div class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <div class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <div class="p-block_kit_renderer" data-qa="block-kit-renderer"> <div class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <div class="p-rich_text_block"> <blockquote class="c-mrkdwn__quote" data-stringify-type="quote">We are committed to providing a safe and secure hiring process for all applicants. Unfortunately, there are individuals who may attempt to impersonate Aptos or our employees for fraudulent purposes.<br><strong data-stringify-type="bold">To protect yourself, please be aware of the following:</strong></blockquote> <ul class="p-rich_text_list p-rich_text_list__bullet" data-stringify-type="unordered-list" data-indent="0" data-border="1" data-border-radius-top-cap="0" data-border-radius-bottom-cap="0"> <li data-stringify-indent="0" data-stringify-border="1">We will&nbsp;<strong data-stringify-type="bold">never</strong>&nbsp;ask you for payment of any kind during the application or onboarding process, including fees for background checks, training, or equipment.</li> <li data-stringify-indent="0" data-stringify-border="1">We will&nbsp;<strong data-stringify-type="bold">always</strong>&nbsp;communicate with you using our official company email domain.</li> <li data-stringify-indent="0" data-stringify-border="1">We will&nbsp;<strong data-stringify-type="bold">never</strong>&nbsp;request your personal financial information, such as your social security number or bank account details, during the initial application stages or via email or a video/voice call when onboarding.</li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div></div>