
Senior Application Security Engineer
Stellar Development Foundation
Location
San Francisco, CA, US
Salary
$140k-$170k
Posted
Recently
Job Type
Full Time
Experience
senior
About the Role
Interested in working on cutting-edge blockchain technology and creating equitable access to the global financial system? Since 2014, the mission-driven team at the Stellar Development Foundation (SDF) has helped fuel the tremendous growth of the Stellar blockchain network, an open-source platform that operates at high-scale today. Developers and companies around the world build on it, and the SDF team is expanding to support the rapidly growing and changing Stellar ecosystem.
SDF is looking for a Senior Security Engineer to help shape and scale the security program across the Stellar ecosystem. This isn't a policy role; it’s an operational one. You will be responsible for executing the core technical work that keeps the network and its users safe: vulnerability management, bug bounty orchestration, incident response, and detection engineering.
In this role, you will:
Vulnerability Management & AppSec
Orchestrate Scanning: Own the end-to-end lifecycle of our security stack (Wiz/Orca, Trivy/Grype, Semgrep/CodeQL, and Socket). You’ll manage schedules, tune outputs to reduce noise, and partner with engineering to drive remediation.
Manual Assessments: Conduct deep-dive security reviews of SDF codebases, APIs, and infrastructure configurations on a regular cadence.
Supply Chain & SBOMs: Monitor dependencies for newly disclosed CVEs using Dependabot and Socket; maintain and automate our Software Bill of Materials (SBOM) workflows.
Third-Party Audits: Manage external audits from scoping to final report—handling info-sharing, findings intake, and public-facing remediation summaries.
Detection & Incident Response
Incident Leadership: Act as the lead for security incidents: managing triage, containment, forensics, and stakeholder communication through to resolution.
Detection Engineering: Dig through logs and investigate anomalies in the SIEM. You will write, tune, and maintain detection rules to ensure our alert library remains relevant and actionable.
Forensics & Hunting: Perform deep-dive forensic work (log reconstruction, lateral movement analysis) and run proactive threat-hunting exercises based on current intel.
Operational Readiness: Maintain IR playbooks and detection runbooks, ensuring they are updated with "hard-won" learnings after every significant event.
Ecosystem & Community
Bug Bounty Orchestration: Manage SDF’s programs on HackerOne and Immunefi. You’ll triage submissions, calculate CVSS scores, coordinate with engineering for validation, and manage researcher payouts.
Community Engagement: Represent SDF in community forums and at conferences, sharing insights derived from real operational work rather than hypotheticals.
Developer Enablement: Write and maintain "paved road" security guidance for Stellar and Soroban developers, including secure coding standards and threat model templates.
You are:
The 10-Year Veteran: You have a decade of experience across SecOps, AppSec, or Detection Engineering, with a proven track record of owning high-volume security programs.
The SIEM Expert: You are proficient in writing complex detection logic and managing alert fatigue in platforms like Splunk, Elastic, or Chronicle.
The Battle-Tested Responder: You’ve led high-pressure incidents through the entire lifecycle, from initial "bump in the night" to the final post-mortem.
Cloud Native: You are comfortable auditing AWS environments (IAM, VPC, Logging) using tools like Prowler, Steampipe, or Cloud-native APIs.
Tech Stack Proficient: You have hands-on experience with the modern security stack: Wiz, Semgrep, CodeQL, tfsec, and osquery.
Communication Pro: You can translate a complex exploit into a clear risk assessment for leadership and a "how-to-fix" guide for engineers.
Bonus points if you have:
Experience with the Stellar protocol, XDR, Horizon API, or the Soroban (Rust/WASM) smart contract ecosystem.
Deep knowledge of eBPF-based runtime detection (Falco/Cilium).
Experience in Formal Verification or advanced smart contract auditing.
Active contributions to open-source security projects or published research.
We offer competitive pay with a base salary range for this position of $140,000 - $170,000 depending on job-related knowledge, skills, experience, and location. In addition, we offer lumen-denominated grants along with the following perks and benefits:
USA Benefits/Perks:
Competitive health, dental & vision coverage with most plans covered at 100% for the employee + any dependents
Flexible time off + 15 company holidays including a company-wide holiday break
Up to 12 weeks of paid parental leave for both non-birthing and birthing parents, as well as up to 14 weeks of paid pregnancy leave for birthing parents
Gym reimbursement ($80 per month)
Life & ADD (up to $50K)
Short & Long term disability
401K with 4% match
Health & Dependent Care FSA Accounts
Commuter benefits with $250/month employer contribution
Health Savings Account (HSA) with monthly employer contribution
Family building benefits through Kindbody
Wellbeing benefits (One Medical, Rightway, Headspace)
L&D budget of $1,500/year
Daily lunch and snacks in office
Company retreats
About Stellar
Stellar is more than a blockchain. Powered by a decentralized, fast, scalable, and uniquely sustainable network made for financial products and services and a thriving and passionate ecosystem that includes a non-profit organization driven by a mission, Stellar is paving the path to unlock the world’s economic potential through blockchain technology. Built with speed and low costs in mind, the Stellar network provides builders and financial institutions worldwide a platform to issue assets, and to send and convert currencies in real time creating real world utility. Founded in 2014, the Stellar Development Foundation (SDF) supports the continued development and growth of the Stellar network and also serves the ecosystem of NGOs, corporations, universities, small businesses, governments, and solo entrepreneurs building on the Stellar network through tooling, funding and strategic collaborations. Together, Stellar is where blockchain meets the real world.
About the Stellar Development Foundation
The Stellar Development Foundation (SDF) is a non-profit organization focused on working with and supporting change-makers to create equitable access to the global financial system through blockchain technology. SDF provides grants, investments, funding, and other awards to builders and organizations. SDF also develops resources and tooling on the Stellar network to help unlock real world utility. As a nonprofit foundation, SDF puts the health of the Stellar network and the Stellar ecosystem and its mission above all else.
We look forward to hearing from you!
Privacy Policy
By submitting your application, you are agreeing to our use and processing of your data in accordance with our Privacy Policy.
SDF is committed to diversity in its workforce and is proud to be an equal opportunity employer. SDF does not make hiring or employment decisions on the basis of race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law.