Decentralized Masters · 1 week ago
DevOps Security Engineer
United States
Full-time
Remote
Senior Level
5+ years expDecentralized Masters is a profitable education and investment ecosystem, and they are seeking a DevOps Security Engineer to ensure the security of their platform tracking significant digital assets. The role involves ownership of security posture, conducting penetration testing, and managing both quality assurance and infrastructure responsibilities.
Crypto & Web3FinanceDecentralized Finance (DeFi)Financial Services
Responsibilities
Own the security posture across all products: Legacy, Trading Bot, and future platforms. If something gets breached, it is your problem. If nothing gets breached, it is because of your work
Conduct regular penetration testing, vulnerability assessments, and threat modeling aligned with OWASP standards and methodologies
Ensure full coverage of the OWASP Top 10 in application security testing, code reviews, and deployment checks
Perform security-focused code reviews across frontend, backend, and infrastructure code, catching what standard code reviews miss
Implement and manage secrets management (Vault, AWS Secrets Manager, or KMS), access controls, and least-privilege policies
Build and maintain incident response playbooks. When something breaks, you lead the response, run the post-mortem, and ship the fix
Stay ahead of Web3 and crypto-specific attack vectors: phishing campaigns, wallet exploits, API key compromises, supply chain attacks, and social engineering
Manage and coordinate external security audits and penetration tests from third-party firms
Design and implement test strategies across all products: unit tests, integration tests, end-to-end tests, API tests, and regression suites
Build and maintain automated testing frameworks and CI quality gates that prevent broken code from reaching production
Define and track quality metrics: test coverage, flakiness rate, regression detection latency, and bug escape rate
Write and execute security test cases: authentication flows, authorization controls, input validation, API abuse scenarios, and edge cases around financial data
Perform both white-box and black-box testing, leveraging full codebase access to catch issues that surface-level QA would miss
Test across the full stack: frontend UI, backend APIs, database queries, third-party integrations, and on-chain interactions
Maintain and improve cloud infrastructure on AWS using Infrastructure as Code (Terraform or CloudFormation)
Own CI/CD pipelines (GitHub Actions preferred): automated testing, security scanning, linting, and deployment
Harden infrastructure: network security, IAM policies, container security, and environment isolation
Build logging, monitoring, and alerting across all services (CloudWatch, Prometheus, Grafana, or equivalent)
Ensure audit trails for user actions, system changes, and access events
Manage production reliability, incident response, and cost optimization
Contribute production code across frontend and backend, bringing a security-first mindset to every feature you build
Build features, fix bugs, and ship improvements alongside the engineering team
Every line you write should make the product better and harder to break: input validation, error handling, authentication, and data protection by default
Participate in architecture discussions and code reviews, advocating for testability, reliability, and security in every decision
Qualification
Required
5+ years in software engineering roles with meaningful, hands-on security and QA experience. We will verify this. If your security experience is theoretical, this is not the right fit
Fullstack development experience: you can build and ship features across frontend (React or equivalent) and backend (Node.js, Python, Go, or equivalent)
Hands-on penetration testing and vulnerability assessment experience across web applications, APIs, and cloud infrastructure
Strong working knowledge of OWASP standards, including the OWASP Top 10, OWASP Testing Guide, and OWASP secure coding practices
Experience building automated test frameworks and integrating testing into CI/CD pipelines
AWS expertise (EC2, ECS/EKS, Lambda, VPC, IAM, S3, RDS, CloudFront, WAF)
Infrastructure as Code experience (Terraform, CloudFormation, or Pulumi)
Container technologies: Docker and Kubernetes in production environments
Scripting and automation proficiency in Bash and Python
Experience with secrets management tools (HashiCorp Vault, AWS Secrets Manager, or similar)
Familiarity with security and testing tools (Burp Suite, OWASP ZAP, Selenium, Cypress, Jest, Postman, or equivalent)
Strong communication skills: you can explain security risks and quality tradeoffs clearly to non-technical stakeholders
Preferred
Security certifications: OSCP, CISSP, CompTIA Security+, AWS Security Specialty, or equivalent
Experience at a crypto, DeFi, Web3, or fintech product company (Coinbase, Phantom, Stripe, Casa, MetaMask, Zerion, Ramp, or similar)
Familiarity with Web3-specific security concerns: wallet security, key management, on-chain monitoring, phishing mitigation
SDET background or experience in a hybrid development-and-testing role
Experience testing financial systems: payment flows, ledger integrity, double-spend prevention, or transaction monitoring
Experience implementing zero-trust architectures
Bug bounty participation, CVE publications, or contributions to open-source security tooling
Benefits
Competitive salary + performance-based incentives tied to retention & LTV improvement
Direct exposure to founders
Team Offsites
Remote work
High ownership, high-impact role
Company
Decentralized Masters
Decentralized Masters is a blockchain-focused platform focused on decentralized solutions, education, and Web3 development services.
51-200 employees
Funding
Current Stage
Growth StageLeadership Team
Salim Elhila
Co-Founder - Strategic CEO
Tan Gera
Co-Founder
Recent News
2026-04-19
Morningstar.com
2025-12-24
Company data provided by crunchbase