Back to all jobs
O
Senior Security Engineer - Infrastructure
Ondo Finance
United StatesRemote1mo ago
- Employment
- Full-time
- Seniority
- Senior
About the role
- Own cloud security posture across AWS and GCPs: IAM, network, encryption, logging, and account structure.
- CNAP: prioritize findings against real risk, drive remediation through engineering, and measure progress.
- Design and enforce IaC guardrails: pre-merge policy-as-code, required modules, and CI gates that make the secure path the default.
- Lead identity and access design across cloud, IdP, and developer platforms. Drive least-privilege as a continuously enforced property, not an annual project.
- Own secrets management strategy and migration off of long-lived credentials wherever feasible .
- Run focused offensive testing against our own infrastructure: cloud red-team scenarios, IAM privilege-escalation paths, CI/CD supply-chain attack paths, and lateral-movement chains. Translate findings into durable controls.
- Partner with SecOps on detection coverage for cloud control-plane abuse and with Product Security on the infra side of application threat models.
- Drive third-party and supply-chain risk for infra components: container base images, build pipelines, OSS dependencies in Terraform modules, and IaC providers.
- Lead incident response for infra-rooted incidents alongside the SecOps lead.
- Mentor engineers on threat modeling, secure-by-default infra patterns, and how to reason about blast radius.
- 3-5+ years in security engineering with deep focus on cloud and/or infrastructure.
- Strong IaC skills — you have written, reviewed, and refactored real IaC at scale, and you can explain the failure modes of large IaC codebases.
- Production experience across AWS, GCP, or Azure.
- Hands-on experience with a cloud security platformn
- Strong scripting skills in Python or Go.
- Working knowledge of Kubernetes security (RBAC, admission control, workload identity) if our stack uses it; bonus if you can operate it.
- Comfort owning a domain end-to-end: design, build, operate
- Experience defending crypto, fintech, or other targeted environments.
- Experience with CI/CD security
- Adjacent experience in offensive security, application security, or other engineering disciplines welcome
- Familiarity with how on-chain operations interact with off-chain infrastructure
- Competitive compensation including salary, future token rights, and/or equity (according to your preferences) — we're well-funded and believe that great talent deserves great compensation
- Full benefits (medical, vision, and dental) and flexible vacation policy (PTO)
- Small remote-first team across many countries — you'll be an early team member helping shape our vision, culture, and design practices
- A+ colleagues — our team includes alumni from: Goldman Sachs, Blackrock, Two Sigma, Bridgewater, SpaceX, AWS, Meta, Google, Pinterest, McKinsey, Circle, Uniswap, Phantom
- Best-in-class investors — we are proud to be backed by leading crypto experts and VCs, including Pantera Capital, Founders Fund and Coinbase Ventures
Perks & benefits
- Unlimited Vacation
- Paid Time Off
- Equity Compensation
764,000+ hidden jobs like this
Ondo Finance and thousands of companies post here first — often days before LinkedIn or Indeed. Your first 5 applications are free; go Pro to apply without limits.
Everything Pro unlocks:
- Unlimited applications — free stops at 5
- Track every application in one place
- Apply straight to the source, one click
- Save & organize roles you love
- Roles pulled from company boards before the big sites
