Orchestrate Scanning: Own the end-to-end lifecycle of our security stack (Wiz/Orca, Trivy/Grype, Semgrep/CodeQL, and Socket). You’ll manage schedules, tune outputs to reduce noise, and partner with engineering to drive remediation.
Manual Assessments: Conduct deep-dive security reviews of SDF codebases, APIs, and infrastructure configurations on a regular cadence.
Supply Chain & SBOMs: Monitor dependencies for newly disclosed CVEs using Dependabot and Socket; maintain and automate our Software Bill of Materials (SBOM) workflows.
Third-Party Audits: Manage external audits from scoping to final report—handling info-sharing, findings intake, and public-facing remediation summaries.
Incident Leadership: Act as the lead for security incidents: managing triage, containment, forensics, and stakeholder communication through to resolution.
Detection Engineering: Dig through logs and investigate anomalies in the SIEM. You will write, tune, and maintain detection rules to ensure our alert library remains relevant and actionable.
Forensics & Hunting: Perform deep-dive forensic work (log reconstruction, lateral movement analysis) and run proactive threat-hunting exercises based on current intel.
Operational Readiness: Maintain IR playbooks and detection runbooks, ensuring they are updated with "hard-won" learnings after every significant event.
Bug Bounty Orchestration: Manage SDF’s programs on HackerOne and Immunefi. You’ll triage submissions, calculate CVSS scores, coordinate with engineering for validation, and manage researcher payouts.
Community Engagement: Represent SDF in community forums and at conferences, sharing insights derived from real operational work rather than hypotheticals.
Developer Enablement: Write and maintain "paved road" security guidance for Stellar and Soroban developers, including secure coding standards and threat model templates.

Requirements

The 10-Year Veteran: You have a decade of experience across SecOps, AppSec, or Detection Engineering, with a proven track record of owning high-volume security programs.
The SIEM Expert: You are proficient in writing complex detection logic and managing alert fatigue in platforms like Splunk, Elastic, or Chronicle.
The Battle-Tested Responder: You’ve led high-pressure incidents through the entire lifecycle, from initial "bump in the night" to the final post-mortem.
Cloud Native: You are comfortable auditing AWS environments (IAM, VPC, Logging) using tools like Prowler, Steampipe, or Cloud-native APIs.
Tech Stack Proficient: You have hands-on experience with the modern security stack: Wiz, Semgrep, CodeQL, tfsec, and osquery.
Communication Pro: You can translate a complex exploit into a clear risk assessment for leadership and a "how-to-fix" guide for engineers.
Bonus points if you have experience with the Stellar protocol, XDR, Horizon API, or the Soroban (Rust/WASM) smart contract ecosystem.
Deep knowledge of eBPF-based runtime detection (Falco/Cilium).
Experience in Formal Verification or advanced smart contract auditing.
Active contributions to open-source security projects or published research.

Benefits

Competitive health, dental & vision coverage with most plans covered at 100% for the employee + any dependents
Flexible time off + 15 company holidays including a company-wide holiday break
Up to 12 weeks of paid parental leave for both non-birthing and birthing parents, as well as up to 14 weeks of paid pregnancy leave for birthing parents
Gym reimbursement ($80 per month)
Life & ADD (up to $50K)
Short & Long term disability
401K with 4% match
Health & Dependent Care FSA Accounts
Commuter benefits with $250/month employer contribution
Health Savings Account (HSA) with monthly employer contribution
Family building benefits through Kindbody
Wellbeing benefits (One Medical, Rightway, Headspace)
L&D budget of $1,500/year
Daily lunch and snacks in office
Company retreats

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SecOpsAppSecDetection Engineeringdetection logicforensicsthreat huntingauditingformal verificationsmart contract auditingeBPF

Soft Skills

incident managementcommunicationcommunity engagementdeveloper enablement