Senior Security Engineer

Talent Wanted. For hazardous journey. Small wages, bitter cold, long months of complete darkness, constant danger, safe return doubtful. Honour and recognition in case of success.

Fridtjof Nansen crossed the Arctic, going places no human had ever been. Together with our users, we're doing the same onchain — and someone needs to make sure we don't get killed on the way there.

Nansen is a special company. We're building the single best platform for onchain investing — agentic trading, staking infrastructure, AI-powered analytics — and we're scaling fast. Fast enough that security can't be an afterthought bolted on later. It has to be built in, from the start, by someone who knows what they're doing.

Our mission: Surface the signal and create winners.

You'll be the person who makes sure we can move fast without breaking things that matter. That means embedding security into everything we build — cloud infrastructure, applications, CI/CD pipelines, AI systems, staking operations — across a generalist role that spans the full surface area.

• →Run security assessments across systems, architectures, and code — find the vulnerabilities before someone else does
• →Advise engineering teams on secure design decisions. You're a partner, not a blocker
• →Deploy and maintain security infrastructure: SIEM, vulnerability scanning, endpoint protection, logging — the things that let us sleep at night
• →Secure our CI/CD pipelines and deployment workflows end-to-end
• →Own secrets management, key management, and access controls. No shortcuts
• →Address LLM security head-on: API key management, prompt injection prevention, and the risks that come with shipping AI-powered products at speed
• →Coordinate penetration tests and security audits with external vendors
• →Create and maintain secure coding guidelines and code review processes that engineers actually follow
• →Represent the Security Team in the incident response process
• →Drive compliance readiness — SOC 2, ISO 27001 — pragmatically, not bureaucratically

• You've built and hardened production security at scale — you know the difference between a policy document and an actually secure system
• Strong cloud security knowledge (AWS, GCP or equivalent). Container security and network security fundamentals
• Hands-on experience implementing security tooling, not just evaluating it
• Secrets and key management expertise — you've managed this at a company where it actually mattered
• You understand the security implications of AI/LLM and agent-based systems. This is new territory and we need someone thinking about it seriously
• CI/CD pipeline security is second nature
• Pragmatic about compliance — you can get us to SOC 2 without drowning the engineering team in process
• You don't just use AI as a tool. You think with it. AI-first isn't a checkbox — it's how you work
• Strong async communication skills — we're remote-first, Slack-and-docs-heavy, and EMEA hours are preferred for team overlap
• Bonus: blockchain, smart contract, or staking infrastructure security experience. Kubernetes and Terraform security. Incident response or security operations background