Staff/Senior Security Engineer - DeFi
Role in brief
Ethena Labs is seeking a Staff/Senior Security Engineer to lead security for their DeFi products, focusing on wallets and custodian accounts. This role involves designing signing regimes, managing allowlists, and monitoring real-time security. Ideal for experienced security professionals with deep knowledge of Solidity, EVM, and DeFi protocols, who can operate independently and produce audit-grade documentation.
About the role
This role involves taking full ownership of the security program for Ethena Labs' digital dollar products, specifically focusing on wallet and custodian account security. Key responsibilities include designing and evolving the signing regime, managing canonical address and contract allowlists, and operating real-time monitoring systems. The engineer will also conduct technical reviews of new protocol integrations and ensure ERC-20 approval hygiene across the treasury.
Success in this position means continuously upgrading security infrastructure, maintaining rigorous verification processes, and effectively integrating security with incident response workflows. The role requires a proactive approach to identifying and mitigating risks, ensuring that all security measures meet the expectations of auditors, underwriters, and institutional partners. This includes producing high-quality documentation for controls and decisions.
The engineer will collaborate with internal teams, including Finance, to ensure automated reconciliation between on-chain activity and accounting systems. This position is critical for maintaining the integrity and trust of Ethena Labs' products, which include USDe, iUSDe, and USDtb, as they expand their reach in the global financial system.
The listed salary range for this position is $112,000 to $188,000 USD.
Skills that matter here
- Solidity: The role requires mastery of Solidity to read arbitrary contracts and raw calldata for security analysis.
- EVM: Deep understanding of the Ethereum Virtual Machine is essential for analyzing contract behavior and security implications.
- Gnosis Safe: Practical experience with Gnosis Safe is needed for designing and managing multi-signature wallet security.
- Coinbase Prime: Knowledge of Coinbase Prime is required for securing custodian accounts and understanding their operational failure modes.
- Fireblocks: Experience with Fireblocks is necessary for managing and securing digital asset operations within the platform.
- DeFi protocols: Strong knowledge of DeFi protocols like Aave, Morpho, and Stargate is crucial for assessing integration risks and understanding their mechanics.
Who this role suits
- A person with a security-first mindset who naturally assumes a hostile environment and is energized by rigorous verification.
- Someone who possesses a 'vigilance disposition' and is committed to maintaining safety standards despite operational pressures.
- An individual who can clearly explain complex technical risks to non-technical stakeholders, including executives and auditors.
- A self-starter comfortable owning infrastructure end-to-end and capable of producing high-quality, audit-grade documentation independently.
From the employer
What You’ll Do:
- Own the end-to-end design of our signing regime, including signer composition, thresholds, and intent communication, and continue evolving our pre-signature verification workflows for destination, calldata, and state-change confirmation.
- Manage, maintain and continuously upgrade the canonical address and contract allowlist system and the infra that manages it, ensuring every whitelisting or approval action is checked against this list pre-signature and requiring documented review for any additions.
- Operate and tighten real-time monitoring across wallets, custodians, and DeFi positions, keep it integrated with our SOC 2 incident-response workflows, and contribute to playbooks for evolving risk scenarios.
- Run independent technical reviews of new protocol integrations and keep our risk register current as positions and dependencies evolve.
- Continuously verify ERC-20 approval hygiene across the treasury, and partner with Finance on automated reconciliation between on-chain activity and accounting systems.
- Own the process of producing the documentation of controls, tooling, and decisions that our auditors, underwriters, and institutional counterparties expect.
What We’re Looking For:
- Mastery of Solidity and the EVM; you can read arbitrary contracts and raw calldata without assistance. You are fluent in tools such as Tenderly, Foundry-based simulation, and trace analysis.
- Deep practical experience with Gnosis Safe, Coinbase Prime, Anchorage, and Fireblocks. Strong understanding of the operational failure modes inherent in browser-based custodian extensions and hardware wallet signing flows.
- Strong practitioner-level knowledge of DeFi protocols like Aave, Morpho, and Stargate. You understand risk parameters, oracle structures, and bridge message-passing mechanics.
- A security-first mindset that assumes a hostile environment by default. You possess a "vigilance disposition" - you are energized by rigorous verification and are committed to maintaining safety standards even when facing operational pressure.
- Proven ability to explain technical risks to non-technical stakeholders (COO team, executives, auditors). You are a self-starter comfortable owning infrastructure end-to-end and producing high-quality, audit-grade documentation.
Why Ethena Labs?
- You'd be joining a group that has well established itself as one of the most successful crypto-native companies of all time, a group with a mission to revolutionise decentralised finance and its position in global finance.
- Work alongside a passionate and innovative team that values collaboration and creativity.
- Enjoy a flexible, remote-friendly work environment with established opportunities for personal growth and learning.
Questions about this role
What is the remote work policy for this role?
This is a fully remote position.
What is the expected seniority level for this position?
This role is for a Staff/Senior Security Engineer.
What is the salary range for this position?
The salary range for this role is between $112,000 and $188,000 USD.