What are the responsibilities and job description for the Security Engineer position at ether.fi?
About the Role:
We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty submission before lunch.This is a hands-on, builder-first role — not a governance checkbox. You'll own security operations end-to-end, embedded directly into the engineering team and working closely with infrastructure, protocol and platform.
If you treat threat modeling as a design conversation and not a compliance exercise, you're our kind of person. You should only apply for this role if you are ready to come into the office every day and work in person with our team!
What You'll Do:
Security Operations
Own day-to-day security operations: monitoring, alerting, triage, and response
Manage and monitor endpoint security via an EDR system — tune detections, investigate alerts, and drive incidents to resolution
Lead identity lifecycle management, including employee onboarding and off boarding (access provisioning, key rotation, deprovisioning)
Bug Bounty & Vulnerability Management
Be the primary owner of our ImmuneFi program — triaging, reproducing, and responding to incoming submissions daily
Prioritize and track vulnerabilities through to remediation in close collaboration with protocol and engineering teams
Develop internal tooling and processes to make the bounty workflow faster and more consistent
DevSecOps & Pipeline Hardening
Audit and harden CI/CD pipelines — secrets management, supply chain integrity, SAST/DAST integration, build provenance
Own dependency security: identify and remediate vulnerable packages across repositories (yes, including the npm dependency hell)
Establish and enforce security standards across the SDLC
Infrastructure Security
Partner with the infrastructure team to review and harden cloud environments (access controls, network segmentation, least privilege, logging)
Contribute to threat modeling for new systems and architectural changes
Drive implementation of security tooling across the stack
Vendor & External Partner Management
Own relationships with external security vendors and service providers — holding them accountable toSLAs, managing scope, and ensuring findings are actioned
Evaluate and onboard new security tooling as the team and threat landscape evolve
What We're Looking For:
5–8 years of experience in software and security engineering, with meaningful time in a DevSecOps or security operations context
Strong software engineering fundamentals — you're a builder who writes code, not just policy
Hands-on experience hardening CI/CD pipelines (GitHub Actions, CircleCI, or similar) and cloud infrastructure (AWS, GCP, or equivalent)
Proficiency with endpoint security tooling (CrowdStrike or equivalent EDR)
Comfort owning identity and access management processes, including onboarding/offboarding workflows
Strong communication skills — you can write a clear triage report, give direct feedback to a developer and explain risk to a non-technical stakeholder
Nice to Have:
You were a traditional software engineer before specializing in security
Prior experience at a DeFi protocol, crypto exchange, or blockchain infrastructure company
CTF/security competition background
Contributions to open-source security tooling
What Success Looks Like:
In your first 90 days, you've mapped our attack surface, established a daily rhythm on ImmuneFi, and shipped at least a few meaningful PRs across the full stack. Within six months, you've built enough trust in the team that engineers come to you before shipping sensitive PRs, not after.
We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty submission before lunch.This is a hands-on, builder-first role — not a governance checkbox. You'll own security operations end-to-end, embedded directly into the engineering team and working closely with infrastructure, protocol and platform.
If you treat threat modeling as a design conversation and not a compliance exercise, you're our kind of person. You should only apply for this role if you are ready to come into the office every day and work in person with our team!
What You'll Do:
Security Operations
Own day-to-day security operations: monitoring, alerting, triage, and response
Manage and monitor endpoint security via an EDR system — tune detections, investigate alerts, and drive incidents to resolution
Lead identity lifecycle management, including employee onboarding and off boarding (access provisioning, key rotation, deprovisioning)
Bug Bounty & Vulnerability Management
Be the primary owner of our ImmuneFi program — triaging, reproducing, and responding to incoming submissions daily
Prioritize and track vulnerabilities through to remediation in close collaboration with protocol and engineering teams
Develop internal tooling and processes to make the bounty workflow faster and more consistent
DevSecOps & Pipeline Hardening
Audit and harden CI/CD pipelines — secrets management, supply chain integrity, SAST/DAST integration, build provenance
Own dependency security: identify and remediate vulnerable packages across repositories (yes, including the npm dependency hell)
Establish and enforce security standards across the SDLC
Infrastructure Security
Partner with the infrastructure team to review and harden cloud environments (access controls, network segmentation, least privilege, logging)
Contribute to threat modeling for new systems and architectural changes
Drive implementation of security tooling across the stack
Vendor & External Partner Management
Own relationships with external security vendors and service providers — holding them accountable toSLAs, managing scope, and ensuring findings are actioned
Evaluate and onboard new security tooling as the team and threat landscape evolve
What We're Looking For:
5–8 years of experience in software and security engineering, with meaningful time in a DevSecOps or security operations context
Strong software engineering fundamentals — you're a builder who writes code, not just policy
Hands-on experience hardening CI/CD pipelines (GitHub Actions, CircleCI, or similar) and cloud infrastructure (AWS, GCP, or equivalent)
Proficiency with endpoint security tooling (CrowdStrike or equivalent EDR)
Comfort owning identity and access management processes, including onboarding/offboarding workflows
Strong communication skills — you can write a clear triage report, give direct feedback to a developer and explain risk to a non-technical stakeholder
Nice to Have:
You were a traditional software engineer before specializing in security
Prior experience at a DeFi protocol, crypto exchange, or blockchain infrastructure company
CTF/security competition background
Contributions to open-source security tooling
What Success Looks Like:
In your first 90 days, you've mapped our attack surface, established a daily rhythm on ImmuneFi, and shipped at least a few meaningful PRs across the full stack. Within six months, you've built enough trust in the team that engineers come to you before shipping sensitive PRs, not after.