Aptos Foundation is hiring a

Security Lead, Web3

About the Aptos Foundation

The Aptos Foundation is committed to growing the Aptos ecosystem in a safe, secure, and scalable way. As we expand our global presence, secure development and responsible participation in the Web3 world is more critical than ever. We're looking for a Security Lead, Web3 to organize security strategy and incident response, help grow internal security culture, and serve as a key bridge between technical development and ecosystem integrity.

About the Role

We are looking for a technically grounded and crypto-native leader who can oversee the operational security of a fast-moving foundation — while remaining close to the code, close to the risks, and proactive in incident readiness. You’ll define and own our security posture, help implement key security tooling (e.g. Sentinel One), and collaborate closely with engineering, DevOps, and protocol teams to mitigate risks, especially in environments without centralized controls.

You will also work cross-functionally with Aptos Labs security stakeholders, but with a clear mandate to address the foundation’s specific infrastructure, employee endpoint risks, and incident response.

Responsibilities

• Own and lead the security function at the Aptos Foundation, including endpoint, infrastructure, and data protection strategy

• Provide hands-on technical insight into smart contract updates, protocol-level debugging, and developer support as needed

• Serve as a thoughtful, rigorous security voice in the broader Web3 ecosystem – not for setting standards, but for upholding strong internal practices

• Evaluate and implement security tools and services such as device management (e.g., Rippling) and threat detection (e.g., Sentinel One)

• Lead incident response planning and execution, including endpoint compromise or phishing mitigation across a globally distributed team

• Partner with Labs teams where relevant, ensuring clear coordination without compromising Foundation autonomy

Requirements

• 5+ years in security roles, ideally with hands-on engineering experience

• Prior experience working in or around Web3/crypto environments – you understand the risks and the code

• Familiarity with endpoint protection, secure cloud configurations, and decentralized tech stacks

• Able to roll up sleeves and debug protocol- or application-level issues

• Low-ego, high-rigor approach — comfortable operating without excessive hierarchy or titles

• Strong judgment in distinguishing operational security needs from abstract compliance requirements
  Ability to grow and lead a small security team over time

Nice to Have

• Experience scaling security functions in a high-growth or startup environment

• Experience with contract debugging or collaborating with protocol engineers

• Knowledge of relevant legal/regulatory considerations in crypto security

Note: We're looking for someone who thrives in a dynamic, high-autonomy environment — not someone whose expectations are shaped by large corporate org charts or frameworks. You’ll be building the system, not maintaining one.

Apply Now: