Fridtjof Nansen crossed the Arctic, going places no human had ever been. Together with our users, we're doing the same onchain , and someone needs to make sure we don't get killed on the way there.

We're building the single best platform for onchain investing , agentic trading, staking infrastructure, AI-powered analytics , and we're scaling fast. Fast enough that security can't be an afterthought bolted on later. It has to be built in, from the start, by someone who knows what they're doing.

Our mission:

Surface the signal and create winners.

What you'll do at Nansen

You'll be the person who makes sure we can move fast without breaking things that matter. That means embedding security into everything we build , cloud infrastructure, applications, CI/CD pipelines, AI systems, staking operations , across a generalist role that spans the full surface area.

• Run security assessments across systems, architectures, and code , find the vulnerabilities before someone else does
• Advise engineering teams on secure design decisions. You're a partner, not a blocker
• Deploy and maintain security infrastructure: SIEM, vulnerability scanning, endpoint protection, logging , the things that let us sleep at night
• Secure our CI/CD pipelines and deployment workflows end-to-end
• Own secrets management, key management, and access controls. No shortcuts
• Address LLM security head-on: API key management, prompt injection prevention, and the risks that come with shipping AI-powered products at speed
• Coordinate penetration tests and security audits with external vendors
• Create and maintain secure coding guidelines and code review processes that engineers actually follow
• Represent the Security Team in the incident response process
• Drive compliance readiness , SOC 2, ISO 27001 , pragmatically, not bureaucratically

What we're looking for

• You've built and hardened production security at scale , you know the difference between a policy document and an actually secure system
• Strong cloud security knowledge (AWS, GCP or equivalent). Container security and network security fundamentals
• Hands-on experience implementing security tooling, not just evaluating it
• Secrets and key management expertise , you've managed this at a company where it actually mattered
• You understand the security implications of AI/LLM and agent-based systems. This is new territory and we need someone thinking about it seriously
• CI/CD pipeline security is second nature
• Pragmatic about compliance , you can get us to SOC 2 without drowning the engineering team in process
• You don't just use AI as a tool. You think with it. AI-first isn't a checkbox , it's how you work
• Strong async communication skills , we're remote-first, Slack-and-docs-heavy, and EMEA hours are preferred for team overlap
• Bonus: blockchain, smart contract, or staking infrastructure security experience. Kubernetes and Terraform security. Incident response or security operations background

What we offer our crew

• Competitive salary. Meaningful equity. Real ownership in what you build
• Fully remote with two no-meeting days a week , because deep work doesn't happen in a Google Meet
• Annual company retreat and team off-sites in one of our offices: Singapore, Bangkok, London, and Oslo , flights and accommodation covered
• Unlimited AI tokens , Claude, OpenAI, whatever helps you move fast
• Your own OpenClaw for work
• Nansen Pro account: giving you full access to the most detailed onchain data in the market
• A team that started as data engineers and data scientists that has grown to over 80 builders. Your craft is respected here.
• Speed, ownership, curiosity, courage. These aren't values on a wall , they're how we run.
• A front-row seat (and a hand in building) the next chapter of finance

XML job scraping automation by YubHub

Responsibilities:

Lead security audits of (a subset of) the Espresso codebase As a project leader, you will have mobility in how you choose to organize security and audit efforts Dive into the code of a fairly complex distributed system, learning and developing an understanding of the system on the fly (with help from the engineering team that built it, of course) Coordinate with several engineering teams to aid in your audit, raise concerns and communicate results, and guide the effort to harden the system based on your findings Coordinate with, manage, and review the work of external security auditing teams, in certain cases Suggest improvements to testing and engineering practices to promote more secure and maintainable code

Requirements:

Solid grasp of software engineering principles, both low-level (e.g. language-specific best practices) and high-level (e.g. reliable software architecture, particularly in distributed systems) If focused on Rust: ≥ 1 year experience writing Rust, particularly with async Rust. If focused on Solidity: Multiple years experience writing smart contracts; experience with smart contract security audits or formal verification of smart contracts Experience as an engineer or software architect in a security-critical industry Be capable of describing the stakes, the challenges you've faced in building secure software, and the steps/processes you've taken to mitigate risk Experience as an auditor, pentester, QA tester, etc. Have a well thought-out approach to testing software and designing it to be testable/auditable Ability to think adversarially, and identify potential reliability or security vulnerabilities even in software that is correct in common or “happy path” scenarios Experience on the design and/or testing of distributed systems Comfort diving into unknowns and asking questions

Preferred:

Knowledge of relevant testing and static analysis tools (e.g. Foundry, Slither) is a plus Blockchain knowledge/experience is preferred, but could also be include IoT, automotive, finance, etc. Ideally, the candidate should have a general philosophy of software design that has been molded by experience working on security-critical systems

Benefits:

Fully remote with flexible hours Work alongside the brightest minds in the crypto space Competitive salary + equity package Regular team off-sites to international locations Unlimited vacation policy Top-tier health, dental, and vision coverage for US employees

XML job scraping automation by YubHub