[Hiring] DevOps Security Engineer @Decentralized Masters

Role Description

You will be the single person responsible for the security of a platform that tracks hundreds of millions in digital assets. That is the job. Everything else is secondary.

We need someone who breaks things for a living. Someone who looks at a login page and sees six attack vectors. Someone who reads a pull request and catches the injection vulnerability that two senior developers missed. Someone who lies awake thinking about the phishing campaign that hasn't been invented yet. If that sounds exhausting, this is not your role. If that sounds like Tuesday, keep reading.

Your primary responsibilities are security and quality assurance:

• Own penetration testing, vulnerability assessments, threat modeling, automated test frameworks, and CI quality gates across every product we ship.
• Own infrastructure: AWS, CI/CD pipelines, monitoring, and incident response.
• Write production code when security and QA responsibilities are covered.

Qualifications

• 5+ years in software engineering roles with meaningful, hands-on security and QA experience.
• Fullstack development experience: you can build and ship features across frontend (React or equivalent) and backend (Node.js, Python, Go, or equivalent).
• Hands-on penetration testing and vulnerability assessment experience across web applications, APIs, and cloud infrastructure.
• Strong working knowledge of OWASP standards, including the OWASP Top 10, OWASP Testing Guide, and OWASP secure coding practices.
• Experience building automated test frameworks and integrating testing into CI/CD pipelines.
• AWS expertise (EC2, ECS/EKS, Lambda, VPC, IAM, S3, RDS, CloudFront, WAF).
• Infrastructure as Code experience (Terraform, CloudFormation, or Pulumi).
• Container technologies: Docker and Kubernetes in production environments.
• Scripting and automation proficiency in Bash and Python.
• Experience with secrets management tools (HashiCorp Vault, AWS Secrets Manager, or similar).
• Familiarity with security and testing tools (Burp Suite, OWASP ZAP, Selenium, Cypress, Jest, Postman, or equivalent).
• Strong communication skills: you can explain security risks and quality tradeoffs clearly to non-technical stakeholders.

Requirements

• Conduct regular penetration testing, vulnerability assessments, and threat modeling aligned with OWASP standards and methodologies.
• Ensure full coverage of the OWASP Top 10 in application security testing, code reviews, and deployment checks.
• Perform security-focused code reviews across frontend, backend, and infrastructure code.
• Implement and manage secrets management, access controls, and least-privilege policies.
• Build and maintain incident response playbooks.
• Stay ahead of Web3 and crypto-specific attack vectors.
• Manage and coordinate external security audits and penetration tests from third-party firms.
• Design and implement test strategies across all products.
• Build and maintain automated testing frameworks and CI quality gates.
• Define and track quality metrics.
• Write and execute security test cases.
• Perform both white-box and black-box testing.
• Test across the full stack.
• Maintain and improve cloud infrastructure on AWS using Infrastructure as Code.
• Own CI/CD pipelines.
• Harden infrastructure.
• Build logging, monitoring, and alerting across all services.
• Ensure audit trails for user actions, system changes, and access events.
• Manage production reliability, incident response, and cost optimization.
• Contribute production code across frontend and backend.
• Participate in architecture discussions and code reviews.

Benefits

• Competitive salary + performance-based incentives tied to retention & LTV improvement.
• Direct exposure to founders.
• Team Offsites.
• Remote work.
• High ownership, high-impact role.