Senior Application Security Engineer
Stellar Development Foundation•New York, NY
4d•$140,000 - $170,000
About The Position
Interested in working on cutting-edge blockchain technology and creating equitable access to the global financial system? Since 2014, the mission-driven team at the Stellar Development Foundation (SDF) has helped fuel the tremendous growth of the Stellar blockchain network, an open-source platform that operates at high-scale today. Developers and companies around the world build on it, and the SDF team is expanding to support the rapidly growing and changing Stellar ecosystem. SDF is looking for a Senior Security Engineer to help shape and scale the security program across the Stellar ecosystem. This isn't a policy role; it’s an operational one. You will be responsible for executing the core technical work that keeps the network and its users safe: vulnerability management, bug bounty orchestration, incident response, and detection engineering.
Requirements
- The 10-Year Veteran: You have a decade of experience across SecOps, AppSec, or Detection Engineering, with a proven track record of owning high-volume security programs.
- The SIEM Expert: You are proficient in writing complex detection logic and managing alert fatigue in platforms like Splunk, Elastic, or Chronicle.
- The Battle-Tested Responder: You’ve led high-pressure incidents through the entire lifecycle, from initial "bump in the night" to the final post-mortem.
- Cloud Native: You are comfortable auditing AWS environments (IAM, VPC, Logging) using tools like Prowler, Steampipe, or Cloud-native APIs.
- Tech Stack Proficient: You have hands-on experience with the modern security stack: Wiz, Semgrep, CodeQL, tfsec, and osquery.
- Communication Pro: You can translate a complex exploit into a clear risk assessment for leadership and a "how-to-fix" guide for engineers.
Nice To Haves
- Experience with the Stellar protocol, XDR, Horizon API, or the Soroban (Rust/WASM) smart contract ecosystem.
- Deep knowledge of eBPF-based runtime detection (Falco/Cilium).
- Experience in Formal Verification or advanced smart contract auditing.
- Active contributions to open-source security projects or published research.
Responsibilities
- Vulnerability Management & AppSec
- Orchestrate Scanning: Own the end-to-end lifecycle of our security stack (Wiz/Orca, Trivy/Grype, Semgrep/CodeQL, and Socket). You’ll manage schedules, tune outputs to reduce noise, and partner with engineering to drive remediation.
- Manual Assessments: Conduct deep-dive security reviews of SDF codebases, APIs, and infrastructure configurations on a regular cadence.
- Supply Chain & SBOMs: Monitor dependencies for newly disclosed CVEs using Dependabot and Socket; maintain and automate our Software Bill of Materials (SBOM) workflows.
- Third-Party Audits: Manage external audits from scoping to final report—handling info-sharing, findings intake, and public-facing remediation summaries.
- Detection & Incident Response
- Incident Leadership: Act as the lead for security incidents: managing triage, containment, forensics, and stakeholder communication through to resolution.
- Detection Engineering: Dig through logs and investigate anomalies in the SIEM. You will write, tune, and maintain detection rules to ensure our alert library remains relevant and actionable.
- Forensics & Hunting: Perform deep-dive forensic work (log reconstruction, lateral movement analysis) and run proactive threat-hunting exercises based on current intel.
- Operational Readiness: Maintain IR playbooks and detection runbooks, ensuring they are updated with "hard-won" learnings after every significant event.
- Ecosystem & Community
- Bug Bounty Orchestration: Manage SDF’s programs on HackerOne and Immunefi. You’ll triage submissions, calculate CVSS scores, coordinate with engineering for validation, and manage researcher payouts.
- Community Engagement: Represent SDF in community forums and at conferences, sharing insights derived from real operational work rather than hypotheticals.
- Developer Enablement: Write and maintain "paved road" security guidance for Stellar and Soroban developers, including secure coding standards and threat model templates.
Benefits
- Competitive health, dental & vision coverage with most plans covered at 100% for the employee + any dependents
- Flexible time off + 15 company holidays including a company-wide holiday break
- Up to 12 weeks of paid parental leave for both non-birthing and birthing parents, as well as up to 14 weeks of paid pregnancy leave for birthing parents
- Gym reimbursement ($80 per month)
- Life & ADD (up to $50K)
- Short & Long term disability
- 401K with 4% match
- Health & Dependent Care FSA Accounts
- Commuter benefits with $250/month employer contribution
- Health Savings Account (HSA) with monthly employer contribution
- Family building benefits through Kindbody
- Wellbeing benefits (One Medical, Rightway, Headspace)
- L&D budget of $1,500/year
- Daily lunch and snacks in office
- Company retreats
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
