Senior Security Engineer

Interested in working on cutting-edge blockchain technology and creating equitable access to the global financial system? Since 2014, the mission-driven team at the Stellar Development Foundation (SDF) has helped fuel the tremendous growth of the Stellar blockchain network, an open-source platform that operates at high-scale today. Recently, the Stellar network saw a significant upgrade in the form of Soroban, a new Smart Contracts platform. Developers and companies around the world are already building on Soroban, and the SDF team is expanding to support the rapidly growing and changing Stellar ecosystem.

SDF is looking for an experienced Security Engineer who will work closely with our engineering and product teams as well as third-party groups to ensure the Stellar ecosystem is secure.

In this role you will:

• Lead efforts to improve our security vulnerability management programs both proactively (audits, etc) and reactively (bug bounties, etc)

• Establish a security framework (processes, training, etc) with engineering teams to incorporate security during all phases of application development lifecycle.

• Build a strong "security minded" community for the long term. Expanding our security framework to the broader community as to help secure the Stellar Ecosystem.

• Identify gaps in tools and automation in the Stellar Ecosystem, and help close those gaps by leveraging all SDF resources available (legal, business partnerships, grants, or developed in house).

You have:

• 5+ years of experience on a SecOps, AppSec team and/or Software development team.

• Strong understanding of security libraries and common security flaws.

• Hands on development experience with various languages. Being able to understand and work with a new language is a plus.

• A strong track record working in a collaborative environment

• Experience consulting with external vendors

• Experience with MITRE, NIST, OWASP frameworks

• Experience with common security / pen testing tools, nmap, Burp Suite

• Experience with automated security scanners: Nessus, Qualys, Snyk

• A strong understanding of OSI protocols such as TCP/IP, UDP, HTTP, HTTPS

• A good understanding of Cloud Infrastructure access controls and best practices.

• A good understanding of Linux

• Experience performing security testing using fuzzing techniques

Nice to have:

• Experience working on open source projects

• Active participation in the crypto community

• Experience with infrastructure solutions like Docker, Kubernetes

• Experience in developing smart contracts

• Experience applying formal methods of verifying blockchain systems

We offer competitive pay with a base salary range for this position of $150,000 - $200,000 depending on job-related knowledge, skills, experience, and location. In addition, we offer lumen-denominated grants along with the following perks and benefits: