Security Engineer

United StatesRemotemid

EngineeringSecuritySecurity EngineerCybersecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Requirements Summary

threat modeling, secure design review, whitebox code review,

Technical Tools

EngineeringSecuritySecurity EngineerCybersecurity

Jito builds the Market Layer of Solana: the execution systems, capital markets, and incentive mechanisms that power real markets on-chain.

Our products process billions in daily transaction value. The Jito-Solana validator client runs on the vast majority of Solana's active stake. BAM is redefining how blocks get built. JitoSOL is the leading liquid staking token on the network. We are not building at the margins. We are building core infrastructure that Solana's economy runs on.

Now we're moving up the stack, bringing that same infrastructure advantage to products that traders and users interact with directly.

We're around 25 people, we have product-market fit across multiple product lines and years of runway. We take hard problems seriously and move fast on them. Nothing is out of reach.

About the role:

We’re growing our security team and looking for an engineer who can own a broad operational and technical scope - someone equally at home triaging an access request, running a security review, or building a custom testing framework. This role will report directly to the Head of Security, working closely to strengthen and scale our security posture across the organization.

Identity and access management - provisioning, lifecycle operations, and monitoring for critical changes

Security reviews across our product portfolio - threat modeling, code review, fuzzing, and functional testing

Day-to-day bug bounty operations - triage, remediation tracking, and escalation of high-severity findings

AI security research and tooling - adversarial testing frameworks for agent controls, with a focus on reusable patterns

Software supply chain monitoring - malicious package detection beyond standard CVE scanning

External penetration test coordination - scoping, logistics, and post-engagement remediation tracking

Compliance documentation and evidence gathering as requirements emerge

A software engineering background is essential - you've built production systems and that foundation shapes how you approach security

You've since moved into product security and are fluent in the full lifecycle: threat modeling, secure design review, whitebox code review, and vulnerability testing

Solid understanding of identity and access management concepts and tooling

Genuine interest in AI security with the ability to build adversarial testing tooling

A thoughtful approach to software supply chain risk beyond checkbox scanning

Strong written communication - documentation is a real part of this job

Comfortable with high ownership and working autonomously on a small team

Experience in Wev3, crypto, or defi

Bachelor's degree in Computer Science, Computer Engineering, or a related technical field

5+ years of professional experience, with a meaningful portion in software engineering before transitioning into security

Proficiency in at least one systems or backend language (e.g. Rust preferred, Go, C++, Python) - you will be expected to write code, build tooling, and read production codebases as a routine part of this role

Demonstrated experience in product or application security - not solely infrastructure or compliance-focused roles

Track record of building security tooling or automation from scratch

Experience conducting or leading security reviews on production software systems

Hands-on experience with mobile device management (MDM) platforms and endpoint policy enforcement

Familiarity with enterprise IAM systems and SSO - configuration, integration, and audit

Experience with privileged access management (PAM) tooling and the operational patterns around it

Strong Linux administration skills - comfortable at the command line, understanding of kernel-level security primitives, and experience hardening Linux environments

Experience with multisig schemes - signing policy design, quorum configuration, or key management in a production context

Familiarity with hardware security modules (HSMs) - integration, key lifecycle management, or operational use

Exposure to trusted execution environments (TEEs) - understanding of attestation, confidential compute, or secure enclave design

Salary based on experience

Above-market total compensation and multiple forms of equity

100% employer-paid health benefits

All-expenses-paid team retreats and conferences

Weekly meal voucher