Senior Security Engineer — Cloud & Infrastructure Security
Remote · United States
Ondo Finance develops institutional-grade blockchain investment products and tokenized financial infrastructure spanning decentralized finance and real-world assets. This remote infrastructure security role focuses on securing cloud environments, infrastructure-as-code systems, identity architecture, secrets management, and runtime security across production infrastructure.
The engineer will work between platform engineering and security operations, contributing to AWS and GCP security posture management, IaC policy enforcement, offensive infrastructure testing, and incident response workflows. The position is suited for engineers experienced in web3 security roles, cloud security engineering, Kubernetes environments, Terraform governance, and infrastructure protection within fintech or blockchain systems operating at production scale.
Blockchain infrastructure roles increasingly require security engineers who can enforce secure-by-default cloud systems while supporting rapid engineering delivery.
🔹 Responsibilities
• Own cloud security posture across AWS and GCP environments including IAM, encryption, networking, logging, and account structure
• Prioritize CNAPP findings, drive remediation workflows, and track security improvements
• Design and enforce infrastructure-as-code guardrails including policy-as-code systems, CI gates, and required Terraform modules
• Lead identity and access architecture across cloud systems, developer platforms, and identity providers
• Develop secrets management strategies and reduce reliance on long-lived credentials
• Conduct offensive security testing against cloud infrastructure, CI/CD systems, IAM privilege escalation paths, and lateral movement scenarios
• Partner with SecOps teams on cloud detection coverage and control-plane abuse monitoring
• Collaborate with Product Security teams on infrastructure-related application threat models
• Manage third-party and supply-chain risk for infrastructure components, container images, Terraform modules, and IaC providers
• Lead incident response for infrastructure-rooted security incidents
• Mentor engineers on threat modeling and secure infrastructure design patterns
Build a web3 engineering team capable of maintaining secure cloud environments, resilient infrastructure systems, and scalable production operations.
🔹 Requirements
• 3–5+ years of security engineering experience focused on cloud or infrastructure security
• Strong infrastructure-as-code experience designing, reviewing, and refactoring large Terraform codebases
• Production experience across AWS, GCP, or Azure
• Hands-on experience with cloud security platforms
• Strong scripting skills using Python or Go
• Working knowledge of Kubernetes security including RBAC, admission control, and workload identity
• Ability to own infrastructure security systems end-to-end from design through operations
• Experience with CI/CD security is considered beneficial
• Additional experience in offensive security, application security, or related engineering disciplines is beneficial
• Familiarity with interactions between on-chain operations and off-chain infrastructure is beneficial
🔹 Compensation & Benefits
• Competitive compensation including salary, future token rights, and/or equity
• Full medical, dental, and vision benefits
• Flexible paid time off policy
• Remote-first work environment with globally distributed teams
• Opportunity to work alongside professionals from Goldman Sachs, BlackRock, AWS, Meta, Google, Circle, Uniswap, and Phantom
• Backed by investors including Pantera Capital, Founders Fund, and Coinbase Ventures