About the Role

We are seeking a Senior Application Security Engineer to join our mission-driven team at the Stellar Development Foundation (SDF). This remote position offers an exciting opportunity to work on cutting-edge blockchain technology and contribute to creating equitable access to the global financial system. You will be instrumental in shaping and scaling the security program across the Stellar ecosystem, ensuring the safety of our network and its users.

What You'll Do

  • Vulnerability Management & AppSec: Own the end-to-end lifecycle of our security stack, managing schedules and partnering with engineering to drive remediation.
  • Manual Assessments: Conduct deep-dive security reviews of SDF codebases, APIs, and infrastructure configurations regularly.
  • Third-Party Audits: Manage external audits from scoping to final report, ensuring effective communication and remediation.
  • Incident Leadership: Act as the lead for security incidents, managing triage, containment, forensics, and stakeholder communication.
  • Detection Engineering: Write, tune, and maintain detection rules to ensure our alert library remains relevant and actionable.
  • Bug Bounty Orchestration: Manage SDF’s programs on HackerOne and Immunefi, triaging submissions and coordinating with engineering.
  • Community Engagement: Represent SDF in community forums and at conferences, sharing insights derived from real operational work.
  • Developer Enablement: Write and maintain security guidance for Stellar and Soroban developers, including secure coding standards.

Requirements

  • 10+ years of experience in SecOps, AppSec, or Detection Engineering.
  • Proficient in writing complex detection logic and managing alert fatigue in platforms like Splunk or Elastic.
  • Experience leading high-pressure incidents through the entire lifecycle.
  • Comfortable auditing AWS environments using tools like Prowler or Steampipe.
  • Hands-on experience with modern security tools: Wiz, Semgrep, CodeQL, tfsec.

Nice to Have

  • Experience with the Stellar protocol or advanced smart contract auditing.
  • Deep knowledge of eBPF-based runtime detection.
  • Active contributions to open-source security projects.

What We Offer

  • Competitive salary range of $140,000 - $170,000 based on experience.
  • Comprehensive health, dental & vision coverage for employees and dependents.
  • Flexible time off + 15 company holidays.
  • Up to 12 weeks of paid parental leave.
  • Gym reimbursement and wellness benefits.
  • Learning & Development budget of $1,500/year.
  • Daily lunch and snacks in the office.
  • Company retreats and team-building activities.

Why This Job (8.5 of 10)

This Senior Application Security Engineer role offers a unique opportunity to work remotely on impactful blockchain technology. Enjoy competitive pay and excellent benefits.

Who Will Succeed Here

Proficient in AWS and Splunk, with hands-on experience in cloud security frameworks and incident response protocols, enabling rapid identification and remediation of vulnerabilities in a dynamic environment.

Strong understanding of detection engineering techniques and vulnerability management tools, demonstrating the ability to proactively identify security flaws in applications and implement effective bug bounty programs.

Experience in leading security audits and assessments within a remote work environment, showcasing self-motivation and the ability to manage multiple security projects while collaborating with cross-functional teams.

Learning Resources

  • OWASP Application Security Verification Standard (guide)

Career Path

  • Senior Application Security Engineer (Now)
  • Lead Application Security Architect (1-2 years)
  • Director of Security Operations (3-5 years)

Market Overview

  • Market Size 2024: $18.5B
  • Annual Growth: 12.5%
  • AI Adoption in Security: 45%
  • Investment in Application Security: +35%
  • Labour Demand for Security Roles: +28%
  • Avg Salary for Senior Application Security Engineer: $145K

Skills & Requirements

  • Required: Application Security, Vulnerability Management, Incident Response
  • Growing in Demand: Cloud Security Architecture, DevSecOps, Threat Intelligence Analysis
  • Declining: Static Application Security Testing (SAST), Manual Penetration Testing

Domain Trends

  • Increased Focus on Cloud Security: With 94% of enterprises using cloud services, the demand for cloud security expertise has surged, making it a priority for application security professionals.
  • Integration of AI in Vulnerability Management: AI technologies in vulnerability management are projected to enhance detection rates by 60%, leading to a significant shift in how security teams operate.
  • Rise of Bug Bounty Programs: Bug bounty programs are expected to grow by 25% in 2024, reflecting a shift towards community-driven security testing as organizations seek to bolster their defenses.
