Zenith is hiring a

Web3 Head of Security (Engineering)

About Zenith

Zenith is developing an EVM environment built as an extension of the Canton Network, enabling developers to deploy programmable financial applications within one of the fastest-growing institutional blockchain ecosystems, trusted by JPMorgan, DTCC, Nasdaq, SBI Holdings, Broadridge, and Goldman Sachs.

By combining Ethereum’s developer ecosystem with Canton’s institutional infrastructure, Zenith sits at the intersection of DeFi innovation and global financial markets.

Role Summary
We are hiring a hands-on Head of Security to own and build our security posture end-to-end. This is a deeply technical role, not a policy-only or management-only position.
You will define, implement, and continuously improve security across our stack — from blockchain protocol internals to production infrastructure and company processes.

Responsibilities

• Own company-wide security strategy and execution
  • Design and operate incident response & emergency procedures
• Active attack handling
• Post-mortems and hardening
  • Drive secure system architecture across:
• Blockchain/protocol layer
• Backend services & APIs
• Infrastructure (cloud + networking)
• Establish and enforce secure development practices
• Lead security audits, reviews, and threat modeling
• Perform or supervise deep vulnerability research
• Define and improve internal processes for operational security
• Act as the final authority in security-critical decisions

Required Background
Strong engineering background (you’ve built real systems, not just reviewed them)

• Proven experience in offensive and defensive security
  • Vulnerability research
  • Security audits
  • Incident response
• Deep understanding of:
  • Blockchain systems
    • Smart contract models
    • Execution environments
    • Consensus mechanisms
    • P2P networking & RPC layers
  • Linux internals
  • Distributed systems & networking
• Strong programming skills in:
  • Rust and Go
• Experience securing:
  • Cloud infrastructure (GCP/AWS or equivalent)
  • Production-grade systems

Strongly Preferred Experience with:

• Red team operations
• Large-scale security architecture
• JVM ecosystem (Java / Scala)
• Experience from fintech or other security-critical domains
• Demonstrated contributions:
  • Audits, exploits, research, or security tooling
  • Open-source or verifiable real-world work

What We Explicitly Don’t Want

• Pure managers or “security policy” people
• Candidates without deep, demonstrable technical work
• Tool-driven operators with no understanding of underlying systems
• Anyone unable to reason about systems without scanners

Hiring Expectations

• We will review past work:
  • Code, audits, disclosures, research
• We expect clear evidence of:
  • Technical depth
  • Sound judgment
  • Ethical alignment (white/grey hat boundaries must be clear)