Ethena Labs is hiring a

Web3 Staff/Senior Security Engineer - DeFi

Own the end-to-end design of our signing regime, including signer composition, thresholds, and intent communication, and continue evolving our pre-signature verification workflows for destination, calldata, and state-change confirmation.

Manage, maintain and continuously upgrade canonical address and contract allowlist system and infra that manages it, ensuring every whitelisting or approval action is checked against this list pre-signature, requiring documented review for any additions.

Operate and tighten real-time monitoring across wallets, custodians, and DeFi positions, keep it integrated with our SOC 2 incident-response workflows, and contribute to playbooks for evolving risk scenarios.

Run independent technical reviews of new protocol integrations and keep our risk register current as positions and dependencies evolve.

Continuously verify ERC-20 approval hygiene across the treasury, and partner with Finance on automated reconciliation between on-chain activity and accounting systems.

Own the process of producing the documentation of controls, tooling, and decisions that our auditors, underwriters, and institutional counterparties expect.

Mastery of Solidity and the EVM; you can read arbitrary contracts and raw calldata without assistance. You are fluent in tools such as Tenderly, Foundry-based simulation, and trace analysis.

Deep practical experience with Gnosis Safe, Coinbase Prime, Anchorage, and Fireblocks. Strong understanding of the operational failure modes inherent in browser-based custodian extensions and hardware wallet signing flows.

Strong practitioner-level knowledge of DeFi protocols like Aave, Morpho, and Stargate. You understand risk parameters, oracle structures, and bridge message-passing mechanics.

A security-first mindset that assumes a hostile environment by default. You possess a "vigilance disposition" - you are energized by rigorous verification and are committed to maintaining safety standards even when facing operational pressure.

Proven ability to explain technical risks to non-technical stakeholders (COO team, executives, auditors). You are a self-starter comfortable owning infrastructure end-to-end and producing high-quality, audit-grade documentation.