About The Company
Hi, we’re Ondo Finance. Our mission is to provide institutional-grade, blockchain-enabled investment products and services. We have both a technology arm that develops decentralized finance technology, and an asset management arm that creates and manages tokenized funds. We were the first company to tokenize exposure to US Treasuries, and have since expanded into several other assets. We are also focused on incubating protocols that can support both tokenized real-world assets and traditional crypto.
Founded by folks from Goldman Sachs Digital Assets Team, we’re backed by some of the best investors in the world including Founders Fund, Coinbase Ventures, Pantera Capital, Tiger Global, and more. We are currently the leaders in the space in terms of AUM and are well capitalized to continue growing the firm. We’re fully remote, with team members across the U.S.
About The Role
We are hiring a Senior Security Engineer to own how we secure cloud, network, and infrastructure-as-code at Ondo. You will set the bar for how production is built and operated: identity, network segmentation, secrets, IaC guardrails, runtime posture, and offensive testing.
This role sits between platform engineering and security. You will write Terraform, review Terraform, write the policies that gate Terraform, and break things in staging to prove the policies actually hold. You will partner with Operations / IR on cloud detection coverage and with Product Security on the boundary between app and infra.
What You’ll Do
Own cloud security posture across AWS and GCP: IAM, network, encryption, logging, and account structure.
CNAP: prioritize findings against real risk, drive remediation through engineering, and measure progress.
Design and enforce IaC guardrails: pre-merge policy-as-code, required modules, and CI gates that make the secure path the default.
Lead identity and access design across cloud, IdP, and developer platforms. Drive least-privilege as a continuously enforced property, not an annual project.
Own secrets management strategy and migration off of long-lived credentials wherever feasible.
Run focused offensive testing against our own infrastructure: cloud red-team scenarios, IAM privilege-escalation paths, CI/CD supply-chain attack paths, and lateral-movement chains. Translate findings into durable controls.
Partner with SecOps on detection coverage for cloud control-plane abuse and with Product Security on the infra side of application threat models.
Drive third-party and supply-chain risk for infra components: container base images, build pipelines, OSS dependencies in Terraform modules, and IaC providers.
Lead incident response for infra-rooted incidents alongside the SecOps lead.
Mentor engineers on threat modeling, secure-by-default infra patterns, and how to reason about blast radius.
What We’re Looking For
3-5+ years in security engineering with deep focus on cloud and/or infrastructure.
Strong IaC skills — you have written, reviewed, and refactored real IaC at scale, and you can explain the failure modes of large IaC codebases.
Production experience across AWS, GCP, or Azure.
Hands-on experience with a cloud security platform.
Strong scripting skills in Python or Go.
Working knowledge of Kubernetes security (RBAC, admission control, workload identity) if our stack uses it; bonus if you can operate it.
Comfort owning a domain end-to-end: design, build, operate.
Nice to Have
Experience defending crypto, fintech, or other targeted environments.
Experience with CI/CD security
Adjacent experience in offensive security, application security, or other engineering disciplines welcome
Familiarity with how on-chain operations interact with off-chain infrastructure
What We Offer
Competitive compensation including salary, future token rights, and/or equity (according to your preferences) — we’re well-funded and believe that great talent deserves great compensation
Full benefits (medical, vision, and dental) and flexible vacation policy (PTO)
Small remote-first team across many countries — you’ll be an early team member helping shape our vision, culture, and design practices
A+ colleagues — our team includes alumni from: Goldman Sachs, Blackrock, Two Sigma, Bridgewater, SpaceX, AWS, Meta, Google, Pinterest, McKinsey, Circle, Uniswap, Phantom
Best-in-class investors — we are proud to be backed by leading crypto experts and VCs, including Pantera Capital, Founders Fund and Coinbase Ventures