Security Engineer (Web3)

TL;DR

Security Engineer (Web3): Own end-to-end security operations including monitoring, alerting, bug bounty triage, CI/CD hardening, and infrastructure security with an accent on DevSecOps practices and vulnerability management. Focus on threat modeling, enforcing SDLC standards, and driving remediation across protocol and platform teams.

Onsite: Must come into the office every day and work in person with the team

Company

hirify.global is a DeFi protocol building crypto infrastructure.

What you will do

• Own security operations: monitoring, alerting, triage, response, and endpoint security via EDR
• Manage bug bounty program on ImmuneFi: triage submissions, prioritize vulnerabilities, track remediation
• Harden CI/CD pipelines: secrets management, SAST/DAST, dependency security
• Secure infrastructure: review cloud environments, threat modeling, implement security tooling
• Handle identity management: onboarding/offboarding, access provisioning
• Manage vendors: ensure SLAs, onboard new tooling

Requirements

• 5–8+ years in software and security engineering, with DevSecOps or security operations experience
• Strong coding skills and software engineering fundamentals
• Hands-on with CI/CD (GitHub Actions, CircleCI) and cloud (AWS, GCP)
• Experience with EDR (CrowdStrike) and IAM processes
• Strong communication for reports, feedback, and risk explanation

Nice to have

• Background as traditional software engineer
• Experience at DeFi protocol, crypto exchange, or blockchain company
• CTF or open-source security contributions

Culture & Benefits

• Hands-on, builder-first role embedded in engineering team
• Close collaboration with infrastructure, protocol, and platform teams
• Own security end-to-end without governance checkboxes