This position is no longer available.

Pr/Sr Infrastructure Security Engineer

Permanent contract
San Francisco
Salary: Not specified
Fully-remote
Experience: > 5 years

Dfns

The position

Job description

Context

Dfns is a cybersecurity company that builds a custody SaaS protocol for web3 apps. Think of it as a developer tool that provides a secure cloud for crypto. Our mission is to bring serenity to DeFi by eliminating new blockchain risks and making crypto transactions easier, faster, more affordable, and compliant with existing regulations.

From fintechs to large banks to e-commerce sites, Dfns gives financial institutions and businesses the freedom to own and transfer crypto on a battle-designed security infrastructure. Our API is designed to offer best-in-class developer experience allowing any platform to deploy custodial wallets in a matter of days, with streamlined feature delivery and frequent security upgrades.

Founded in 2020 in Paris, Dfns is a startup incubated at Station F (awarded Future 40), accelerated by Techstars and recognized DeepTech by the French Ministry of Economy. Our company is fully remote with offices in Paris, Amsterdam, New York, London, Stockholm, Sofia, and other cities.

Job Description

You will contribute to one of the most ambitious technology projects in crypto today: building a trustless custody infrastructure for the trillion-dollar digital asset industry.

This position reports directly to the CISO and plays a primary role in the security of Dfns. You will join an amazing team of leaders (CTO, VP of Research, CISO) and experts (AppSec Engineers, R&D Engineers, OffSec Engineers) in a highly challenging and collaborative environment.

We are looking for an Infra Security Engineer to run Infrastructure Security within our company. You will have to demonstrate excellent surveillance and emergency response skills. You will need a strong commitment to security rules and knowledge of all hazards and threats to safety. Ultimately, you will work to ensure the security of our business information, employee data and client information throughout our entire network.

As Infra Security Engineer, you will detect insecure features and malicious activities within our networks and infrastructure. You will implement customized application security assessments for client-based asset risk and corporate policy compliance, and conduct vulnerability assessments. You must have an advanced understanding of Cloud security practices, Cloud automation tools, Logging and monitoring systems, SIEM, SOAR, Kubernetes, Lambda functions, TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements. Your focus is not limited to assessing whether vulnerabilities exist but extends to how those risks could be mitigated. The ideal candidate loves security and possesses both deep and wide infosec expertise. You will make things more secure by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data.

Responsibilities

Your primary goal will be to create and preserve environments where employees, clients and assets are monitored, safe, and well-protected.

Your day-to-day projects will involve:

  • Build a cloud-based logging and monitoring system
  • Build state-of-the-art SIEM capabilities
  • Review cloud security controls and suggest best practices
  • Build/Provision Cloud automation tools
  • Be a member of the Security Operations Center
  • Perform support in security operations including monitoring and alerting
  • Support internal and external pen-testing engagements
  • Participate in application security reviews including security code review, architectural design review, and dynamic testing.
  • Help Infrastructure Engineers in security best practices.
  • Facilitate and support the preparation of security releases.
  • Assist in the creation of security training.
  • Assist in development of automated security testing to validate that secure coding best practices are being used.
  • Assist in Pen-testing practices (purple teaming)
  • Work with external pen testing firms
  • Sharing the big picture with your team, defining the levels of priority within the product roadmap, and being accountable for the deadlines and the quality of production.
  • Acting as a powerhouse of ideas on all security and technical issues.
  • Determining security violations and inefficiencies by conducting periodic audits.
  • Analyzing security systems, researching weaknesses, reporting possible threats or software issues, and finding ways to counter them on a daily basis.
  • Creating and maintaining artifacts for dependencies
  • Finding and removing outdated and vulnerable code and code libraries.
  • Detecting and responding to company-wide security incidents.
  • Running security forensics in the case of a cyber attack and/or a data leak.
  • Identifying and mitigating complex security vulnerabilities before an attacker exploits them.
  • Taking initiatives to curb known abusive activity, and identifying unknown abuse vectors.

Requirements

  • At least 10 years of experience in the field of Information Security
  • At least 3 years of experience in DevSecOps
  • Strong experience with Linux administration
  • Fluency with AWS, Kubernetes, Terraform, ELK, Prometheus
  • Fluency with Bash, Python or GoLang
  • Experience working with vulnerability scanning and container security tools
  • Experience working with microservice-based systems
  • Experience in AWS Lambda functions and serverless systems
  • Experience with scaling and performance of large systems
  • Experience in Digital Asset Wallets is a plus
  • Deep understanding of supply chain attacks
  • Experience with OWASP, static/dynamic analysis, and common security tools.
  • Deep understanding of network and web related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS).
  • Deep understanding of mTLS implementation
  • Deep understanding of applied cryptography
  • Familiarity with cloud security best practices.
  • Demonstrate strong written and verbal communication skills.
  • Be a huge fan of blockchain technology and cryptocurrencies.
  • Experience implementing Security Certifications
  • Understand the full attack lifecycle
  • Appetite for Cybersecurity, Fintech, Blockchain and/or Crypto industries
  • BS (or equivalent) in Computer Science, Computer Engineering or related field.
  • [Bonus] Hands-on experience and willingness to contribute to open source projects.
  • [Bonus] Proven track record working on developer tools, cybersecurity software, infra products, and/or API products.
  • [Bonus] Proven work experience in blockchain, DeFi and/or cybersecurity industries.
  • [Bonus] Extensive knowledge about the crypto custody industry and its use cases.
  • [Bonus] Certifications such as CISSP, GSEC, CEH or CISM are appreciated.
  • [Bonus] Experience from national or international military/cyber defense bodies

Benefits

  • Title: Pr/Sr Infrastructure Security Engineer
  • Salary: $140-300K avg base
  • Equity: 0.2-0.6% (≈ €7.2-21.8M in case of €2B exit).
  • Bonus: Peer and spot bonuses after 8 months with us.
  • Location: Hybrid. You can either work in our offices, from home, or remote.
  • Paid time off: No less than 30 days per year, plus national holidays.
  • Employee benefits: Healthcare, life insurance, retirement plan, sponsored transportation, gym cards, food, Apple devices and home office equipment, tuition fee assistance, team retreats, and more.
