Aptos is a people-first blockchain on a mission to help billions of people achieve universal and fair access to decentralized assets in a safe and scalable way.
Founded by some of the original creators and maintainers that researched, designed, and built the Diem blockchain to serve this purpose, we have dedicated several years toward this mission. We believe the open-source Diem technology we have developed is an important foundation of a safe and scalable web3 world where everyone has more equitable opportunities to grow and access financial assets with lower fees and fewer intermediaries.
Aptos (Ohlone for "The People") encompasses our mission and ethos for why we build.
The Aptos Foundation is committed to growing the Aptos ecosystem in a safe, secure, and scalable way. As we expand our global presence, secure development and responsible participation in the Web3 world is more critical than ever. We're looking for a Security Lead, Web3 to organize security strategy and incident response, help grow internal security culture, and serve as a key bridge between technical development and ecosystem integrity.
About the RoleWe are looking for a technically grounded and crypto-native leader who can oversee the operational security of a fast-moving foundation — while remaining close to the code, close to the risks, and proactive in incident readiness. You’ll define and own our security posture, help implement key security tooling (e.g. Sentinel One), and collaborate closely with engineering, DevOps, and protocol teams to mitigate risks, especially in environments without centralized controls.
You will also work cross-functionally with Aptos Labs security stakeholders, but with a clear mandate to address the foundation’s specific infrastructure, employee endpoint risks, and incident response.
Responsibilities- Own and lead the security function at the Aptos Foundation, including endpoint, infrastructure, and data protection strategy
- Provide hands-on technical insight into smart contract updates, protocol-level debugging, and developer support as needed
- Serve as a thoughtful, rigorous security voice in the broader Web3 ecosystem – not for setting standards, but for upholding strong internal practices
- Evaluate and implement security tools and services such as device management (e.g., Rippling) and threat detection (e.g., Sentinel One)
- Lead incident response planning and execution, including endpoint compromise or phishing mitigation across a globally distributed team
- Partner with Labs teams where relevant, ensuring clear coordination without compromising Foundation autonomy
- 5+ years in security roles, ideally with hands-on engineering experience
- Prior experience working in or around Web3/crypto environments – you understand the risks and the code
- Familiarity with endpoint protection, secure cloud configurations, and decentralized tech stacks
- Able to roll up sleeves and debug protocol- or application-level issues
- Low-ego, high-rigor approach — comfortable operating without excessive hierarchy or titles
- Strong judgment in distinguishing operational security needs from abstract compliance requirements
Ability to grow and lead a small security team over time
- Experience scaling security functions in a high-growth or startup environment
- Experience with contract debugging or collaborating with protocol engineers
- Knowledge of relevant legal/regulatory considerations in crypto security
Note: We're looking for someone who thrives in a dynamic, high-autonomy environment — not someone whose expectations are shaped by large corporate org charts or frameworks. You’ll be building the system, not maintaining one.
Our Benefits
- 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
- Equipment of your choice
- Flexible vacation time, 11 holidays, and floating company days off
- Competitive Salary
- Protocol Token Grants
- 401k matching (US Employees)
- Fun and inclusive in-person and digital events
Aptos is committed to diversity in the workplace, and we’re proud to be an Equal Opportunity Employer. We do not hire on the basis of race, color, religion, creed, gender, national origin, citizenship, age, disability, veteran status, marital status, pregnancy, parental status, sex, gender expression or identity, sexual orientation, or any other basis protected by local, state or federal law. All employment is decided based on qualifications, merit, and business need.
To protect yourself, please be aware of the following:
- We will never ask you for payment of any kind during the application or onboarding process, including fees for background checks, training, or equipment.
- We will always communicate with you using our official company email domain.
- We will never request your personal financial information, such as your social security number or bank account details, during the initial application stages or via email or a video/voice call when onboarding.
