S

Security / DevSecOps Engineer (Web3 Fintech)

Stealth · Chicago, Illinois, United States · $160K–$200K/yr

4 d ago
Senior (5-10 yrs) Full-time United States
Log in to apply, save this posting, or score it against your profile with AI.

About the role

Design and maintain secure CI/CD pipelines and cloud infrastructure across AWS and GCP. Conduct threat modeling and smart contract security reviews to ensure the integrity of Web3 fintech products.

What they look for

CI/CD SAST DAST SCA Threat Modeling Smart Contract Security AWS GCP Kubernetes Docker Python Go Solidity IAM Secrets Management SOC 2

Requirements

Requires 4+ years of security engineering experience, including at least one year in Web3/blockchain. Proficiency in Python, Go, or Solidity and experience with container security and smart contract auditing tools is required.

Benefits

Equity

Full description

Venture-backed startup, focused on building foundational infrastructure at the intersection of fintech and Web3. We are currently in stealth mode, developing USHP- a next-generation product designed to address critical gaps in financial systems.

We are a small, deliberate team at an early stage. The people joining now will shape not just what we build, but how we build it, our culture, our standards, and our long-term trajectory. We are not looking for passengers; we are looking for builders who take ownership and thrive in environments where the path is still being defined.

Due to the nature of our work, specific product details are shared during the interview process under NDA.

USHP is building two related products: a proprietary daily predictive index of U.S. home prices, and an on-chain token whose value tracks that index. The token is collateralized by real U.S. residential properties and pays staking yield from the net income generated by the underlying portfolio. The protocol includes a full DeFi integration suite: Pendle yield tokenization, Aave/Morpho collateral, and Uniswap/Curve liquidity.

Security / DevSecOps Engineer — Web3 Fintech

About the Role Security is foundational architecture at our company. We're looking for a DevSecOps engineer who lives at the intersection of blockchain security and cloud infrastructure, and can embed security thinking into every stage of our development pipeline.

Responsibilities

  • Design and maintain CI/CD pipelines with integrated SAST, DAST, and SCA tooling
  • Conduct threat modeling, vulnerability assessments, and smart contract security reviews
  • Build automated security controls across AWS/GCP infrastructure (IAM, secrets management, network policies)
  • Monitor for incidents, anomalies, and on-chain threats; develop response playbooks
  • Own container and Kubernetes security hardening
  • Partner with engineering on secure-by-default coding practices
  • Ensure compliance with SOC 2, GDPR, and applicable financial security frameworks

Requirements

  • 4+ years in security engineering or DevSecOps, with at least 1 year in a blockchain/Web3 context
  • Hands-on experience with smart contract auditing tools (Slither, MythX, Echidna) or willingness to ramp quickly
  • Proficiency in Python, Go, or Solidity for scripting and tooling
  • Strong command of cloud security (AWS or GCP preferred), Docker, Kubernetes
  • Experience with Gnosis Safe, multi-sig wallet infrastructure, and key management systems is a major plus
  • Certifications (CISSP, CEH, AWS Security Specialty) are nice to have, not required

Compensation: $160K–$200K base + equity