About the Aptos Foundation
The Aptos Foundation is committed to growing the Aptos ecosystem in a safe, secure, and scalable way. As we expand our global presence, secure development and responsible participation in the Web3 world is more critical than ever. We're looking for a Security Lead, Web3 to organize security strategy and incident response, help grow internal security culture, and serve as a key bridge between technical development and ecosystem integrity.
About the Role
We are looking for a technically grounded and crypto-native leader who can oversee the operational security of a fast-moving foundation — while remaining close to the code, close to the risks, and proactive in incident readiness. You’ll define and own our security posture, help implement key security tooling (e.g. Sentinel One), and collaborate closely with engineering, DevOps, and protocol teams to mitigate risks, especially in environments without centralized controls.
You will also work cross-functionally with Aptos Labs security stakeholders, but with a clear mandate to address the foundation’s specific infrastructure, employee endpoint risks, and incident response.
Responsibilities
Own and lead the security function at the Aptos Foundation, including endpoint, infrastructure, and data protection strategy
Provide hands-on technical insight into smart contract updates, protocol-level debugging, and developer support as needed
Serve as a thoughtful, rigorous security voice in the broader Web3 ecosystem – not for setting standards, but for upholding strong internal practices
Evaluate and implement security tools and services such as device management (e.g., Rippling) and threat detection (e.g., Sentinel One)
Lead incident response planning and execution, including endpoint compromise or phishing mitigation across a globally distributed team
Partner with Labs teams where relevant, ensuring clear coordination without compromising Foundation autonomy
Requirements
5+ years in security roles, ideally with hands-on engineering experience
Prior experience working in or around Web3/crypto environments – you understand the risks and the code
Familiarity with endpoint protection, secure cloud configurations, and decentralized tech stacks
Able to roll up sleeves and debug protocol- or application-level issues
Low-ego, high-rigor approach — comfortable operating without excessive hierarchy or titles
Strong judgment in distinguishing operational security needs from abstract compliance requirements
Ability to grow and lead a small security team over time
Nice to Have
Experience scaling security functions in a high-growth or startup environment
Experience with contract debugging or collaborating with protocol engineers
Knowledge of relevant legal/regulatory considerations in crypto security
Note: We're looking for someone who thrives in a dynamic, high-autonomy environment — not someone whose expectations are shaped by large corporate org charts or frameworks. You’ll be building the system, not maintaining one.
