DevOps Security Engineer

Job

  • Level
    Senior
  • Job field
    IT, DevOps, Test/QA
  • Employment
    Full-time
  • Contract type
    Permanent employment
  • Location
    Berlin
  • Work model
    Full Remote, Onsite
  • Job summary

    In this job you are responsible for the security strategy of a platform, implement tests, carry out penetration tests, and develop code to close security vulnerabilities and ensure software quality.

    Your role in the team

    • You will be the single person responsible for the security of a platform that tracks hundreds of millions in digital assets. That is the job. Everything else is secondary.
    • Your primary responsibilities are security and quality assurance. You own penetration testing, vulnerability assessments, threat modeling, automated test frameworks, and CI quality gates across every product we ship.
    • You also own infrastructure: AWS, CI/CD pipelines, monitoring, and incident response.
    • And because we are a small, senior team, you will write production code when security and QA responsibilities are covered.
    • Security (Primary): Own the security posture across all products: Legacy, Trading Bot, and future platforms.
    • Conduct regular penetration testing, vulnerability assessments, and threat modeling aligned with OWASP standards and methodologies.
    • Ensure full coverage of the OWASP Top 10 in application security testing, code reviews, and deployment checks.
    • Perform security-focused code reviews across frontend, backend, and infrastructure code, catching what standard code reviews miss.
    • Implement and manage secrets management (Vault, AWS Secrets Manager, or KMS), access controls, and least-privilege policies.
    • Build and maintain incident response playbooks. When something breaks, you lead the response, run the post-mortem, and ship the fix.
    • Stay ahead of Web3 and crypto-specific attack vectors: phishing campaigns, wallet exploits, API key compromises, supply chain attacks, and social engineering.
    • Manage and coordinate external security audits and penetration tests from third-party firms.
    • Quality Assurance & Testing (Primary): Design and implement test strategies across all products: unit tests, integration tests, end-to-end tests, API tests, and regression suites.
    • Build and maintain automated testing frameworks and CI quality gates that prevent broken code from reaching production.
    • Define and track quality metrics: test coverage, flakiness rate, regression detection latency, and bug escape rate.
    • Write and execute security test cases: authentication flows, authorization controls, input validation, API abuse scenarios, and edge cases around financial data.
    • Perform both white-box and black-box testing, leveraging full codebase access to catch issues that surface-level QA would miss.
    • Test across the full stack: frontend UI, backend APIs, database queries, third-party integrations, and on-chain interactions.
    • Infrastructure & DevOps (Foundation): Maintain and improve cloud infrastructure on AWS using Infrastructure as Code (Terraform or CloudFormation).
    • Own CI/CD pipelines (GitHub Actions preferred): automated testing, security scanning, linting, and deployment.
    • Harden infrastructure: network security, IAM policies, container security, and environment isolation.
    • Build logging, monitoring, and alerting across all services (CloudWatch, Prometheus, Grafana, or equivalent).
    • Ensure audit trails for user actions, system changes, and access events.
    • Manage production reliability, incident response, and cost optimization.
    • Fullstack Development (When the fortress is secure): Contribute production code across frontend and backend, bringing a security-first mindset to every feature you build.
    • Build features, fix bugs, and ship improvements alongside the engineering team.
    • Every line you write should make the product better and harder to break: input validation, error handling, authentication, and data protection by default.
    • Participate in architecture discussions and code reviews, advocating for testability, reliability, and security in every decision.

    What we expect from you

    Qualifications

    • Strong working knowledge of OWASP standards, including the OWASP Top 10, OWASP Testing Guide, and OWASP secure coding practices.
    • AWS expertise (EC2, ECS/EKS, Lambda, VPC, IAM, S3, RDS, CloudFront, WAF).
    • Container technologies: Docker and Kubernetes in production environments.
    • Scripting and automation proficiency in Bash and Python.
    • Familiarity with security and testing tools (Burp Suite, OWASP ZAP, Selenium, Cypress, Jest, Postman, or equivalent).
    • Strong communication skills: you can explain security risks and quality tradeoffs clearly to non-technical stakeholders.
    • Security certifications: OSCP, CISSP, CompTIA Security+, AWS Security Specialty, or equivalent.
    • Familiarity with Web3-specific security concerns: wallet security, key management, on-chain monitoring, phishing mitigation.
    • Bug bounty participation, CVE publications, or contributions to open-source security tooling.

    Experience

    • 5+ years in software engineering roles with meaningful, hands-on security and QA experience. We will verify this. If your security experience is theoretical, this is not the right fit.
    • Fullstack development experience: you can build and ship features across frontend (React or equivalent) and backend (Node.js, Python, Go, or equivalent).
    • Hands-on penetration testing and vulnerability assessment experience across web applications, APIs, and cloud infrastructure.
    • Experience building automated test frameworks and integrating testing into CI/CD pipelines.
    • Infrastructure as Code experience (Terraform, CloudFormation, or Pulumi).
    • Experience with secrets management tools (HashiCorp Vault, AWS Secrets Manager, or similar).
    • Experience at a crypto, DeFi, Web3, or fintech product company (Coinbase, Phantom, Stripe, Casa, MetaMask, Zerion, Ramp, or similar).
    • SDET background or experience in a hybrid development-and-testing role.
    • Experience testing financial systems: payment flows, ledger integrity, double-spend prevention, or transaction monitoring.
    • Experience implementing zero-trust architectures.

    What we offer

    • Competitive salary + performance-based incentives tied to retention & LTV improvement.
    • Direct exposure to founders.
    • Team Offsites.
    • Remote work.
    • High ownership, high-impact role.

    Job locations

    • Location: Berlin

      Germany

    Your employer

    Decentralized Masters

    Decentralized Masters is a community-oriented platform that offers institutional training, personal mentorships, and daily educational content for investors in the DeFi space. The company has more than 4,000 members and focuses on long-term wealth strategies using the proprietary ABN system. It is also building a software division with products such as the Legacy Wallet and trading bots.

    Description

  • Company type
    Startup
  • Work model
    Full Remote, Onsite
  • Industry
    Education
    Diversity
    Open to all persons (m/f/d)
    English only
    Only English required