Role in brief
Gauntlet seeks a Senior Security Engineer to build and scale security programs for DeFi systems that manage billions of dollars in assets. The role involves threat modeling, operating application security tools, and automating security tasks with AI. Candidates with a background in product/application security and security operations, proficiency in Python, TypeScript, or JavaScript, and experience using AI tools for automation should consider applying.
About the role
This role focuses on enhancing the security posture of systems that manage significant financial assets within the DeFi space. The work involves proactive threat modeling for new features and integrations, alongside strengthening existing systems with robust controls. A key aspect is operating and refining the application security toolchain, ensuring it provides high-signal insights for developers.
The Senior Security Engineer will also manage daily security operations, including triaging alerts from various detection systems like EDR, SIEM, and on-chain monitoring. This involves identifying critical issues, resolving them, and reducing operational noise. Additionally, the role includes evaluating and rolling out security tooling and projects across the organization, requiring collaboration with engineering and infrastructure teams.
A significant part of this position involves leveraging AI to automate repetitive security tasks, such as vulnerability workflows, access reviews, and audit evidence collection. The engineer will build reusable AI components and agents to be adopted by other engineering functions, contributing to a more efficient and automated security framework.
The salary for this role ranges from $180,000 to $210,000 USD annually.
Skills that matter here
- Python: Proficiency in Python is required for developing and automating security tools and workflows.
- TypeScript: Experience with TypeScript is necessary for working with the company's codebase and security-related development.
- JavaScript: Knowledge of JavaScript is expected for tasks involving web application security and tool integration.
- AI: This role requires hands-on experience applying AI to automate security processes and build reusable components.
- LLMs: Experience with LLMs is needed for automating security tasks like vulnerability management and compliance evidence collection.
Who this role suits
- You have a background in both product/application security and security operations, with at least five years of hands-on experience.
- You possess an adversarial mindset, consistently challenging assumptions and thinking like an attacker to identify potential vulnerabilities.
- You have a track record of leading security projects from initial evaluation through to successful organization-wide implementation.
- You communicate clearly, effectively explaining technical risks and driving remediation efforts to completion.
From the employer
- Threat model new product features and integrations and harden systems with effective controls.
- Operate and evolve the application security toolchain (SAST, dependency and supply-chain checks, secrets scanning) and keep it high-signal for developers.
- Own day-to-day security operations across the detection stack (EDR, SIEM, on-chain monitoring, identity, cloud): triage what fires, resolve what matters, and reduce noise.
- Triage vulnerability and bug-bounty findings by real exposure, drive remediation, and support incident response end to end.
- Take security tooling and projects from evaluation through org-wide rollout, collaborating across engineering, infra and other teams.
- Automate repetitive, judgment-light security work with AI: vulnerability and AppSec workflows, access reviews, SOC 2 and audit evidence collection, vendor due diligence, and recurring reporting.
- Build reusable AI components, Claude skills, and agents that engineering and other functions can adopt.
- 5+ years in hands-on security engineering spanning product or application security and security operations.
- Track record of technical security assessments of software and systems, including system hardening, security policy analysis and implementing effective controls.
- An adversarial mindset: you think like an attacker and pressure-test assumptions, including your own.
- Proficiency in Python, TypeScript, or JavaScript, working with Claude Code, Codex or similar AI tools.
- Hands-on experience applying AI and LLMs to automation and building reusable tooling or components that other engineers adopted.
- Experience owning security projects end to end, from vendor selection through org-wide rollout, across multiple teams.
- Experience securing high-value or high-throughput transaction systems.
- Clear communication: you explain risk plainly and drive findings to closure.
- Remote first - work from anywhere in the US & CAN!
- Regular in-person company retreats and cross-country "office visit" perk
- 100% paid medical, dental and vision premiums for employees
- $1,000 WFH stipend
- Monthly reimbursement for home internet, phone, and cellular data
- Unlimited vacation
- 100% paid parental leave of 12 weeks
- Fertility benefits
- Opportunity for incentive compensation
Please note at this time our hiring is reserved for potential employees who are able to work within the contiguous United States and Canada. Should you need alternative accommodations, please note that in your application.
Questions about this role
What is the remote work policy for this role?
This is a remote-first position, open to candidates located anywhere within the contiguous United States and Canada.
What is the expected seniority level for this position?
This is a senior-level security engineering role, requiring a track record of technical security assessments and project ownership.
What technical skills are required for this role?
Candidates should be proficient in Python, TypeScript, or JavaScript, and have hands-on experience with AI and LLM tools for automation.