Job Overview
Location
USA (Remote)
Job Type
Full-time
Category
Security Engineer
Date Posted
May 16, 2026
Full Job Description
đź“‹ Description
- • Own the operational and software security of the Sui blockchain, wallet, Move language, and other Mysten systems, ensuring the integrity of critical infrastructure.
- • Maintain and enhance custody systems that securely store validator keys, operational keys, and important on-chain objects, managing key generation, storage, access controls, signing workflows, rotation, and recovery procedures.
- • Harden the end-to-end signing path by reviewing and improving code, infrastructure, and operational practices for transaction authorization, review, and on-chain submission.
- • Build and scale anti-scam and anti-abuse tooling to detect phishing sites, malicious dApps, drainer contracts, and other threats targeting Sui users, collaborating with wallet ecosystem teams on mitigation strategies.
- • Conduct rigorous code and design reviews of components handling sensitive keys or on-chain assets, focusing on cryptographic correctness, access control, and operational safety.
- • Lead investigation and response efforts for security incidents involving custody systems or ecosystem abuse, driving root-cause fixes to prevent recurrence of similar issues.
- • Serve as the primary point of contact for third-party audit engagements and bug bounty reports, ensuring timely, accurate, and actionable responses to identified vulnerabilities.
- • Collaborate closely with engineering teams developing sensitive components of the Sui ecosystem to embed security best practices throughout the development lifecycle.
- • Design and implement security controls tailored to the unique risks of decentralized protocols, balancing functionality with robust protection against theft, fraud, and manipulation.
- • Analyze and mitigate risks associated with cryptographic implementations, identifying common misuses of cryptographic systems in production environments.
- • Operate autonomously in ambiguous environments, diving into unfamiliar codebases to identify vulnerabilities and implement fixes without relying on handoffs.
- • Communicate complex security findings clearly to both technical engineers and non-technical stakeholders, translating risk into actionable insights for decision-makers.
- • Stay current with evolving threats in the web3 ecosystem, proactively adapting security posture to counter emerging attack vectors targeting blockchain infrastructure and user assets.
- • Contribute to the development of security standards and documentation for internal teams and external partners interacting with Mysten’s systems.
- • Participate in on-call rotations for incident response, ensuring rapid detection and resolution of critical security events across global production systems.
🎯 Requirements
- • 3+ years of hands-on experience in security engineering, application security, or product security.
- • Knowledge of key management in production environments, including HSMs, cloud KMS, MPC, threshold-signature systems, or hardware wallets.
- • Proficiency in one or more of: Rust, TypeScript, Python, or Move, with experience reviewing and writing security-sensitive code.
- • Solid understanding of applied cryptography fundamentals and common cryptographic system misuses in practice.
- • A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping fixes independently.
- • Strong written and verbal communication skills to explain security issues to engineers and non-technical stakeholders.
🏖️ Benefits
- • Remote-first work environment with flexibility to work across the world.
- • Opportunity to build foundational infrastructure for the next billion users in web3.
- • Competitive compensation backed by a $300M Series B round from top-tier venture funds including Jump Crypto, a16z, Binance Labs, Redpoint, and Coinbase Ventures.
- • Participation in a world-class team with rapid growth potential in the decentralized infrastructure space.
- • Employment contingent on successful completion of a background check covering employment history, education, and criminal record verification.
- • Use of technology-assisted AI tools during the hiring process to improve efficiency and fairness, with final decisions made by human reviewers.
Skills & Technologies
Python
TypeScript
Rust
Remote
About Mysten Labs, Inc.
Mysten Labs is a San Francisco-based technology company that designs and builds foundational infrastructure for decentralized networks. The firm created the Sui blockchain, a high-performance Layer-1 network using the Move programming language, and develops associated tooling, SDKs, and developer frameworks. Founded in 2021 by former Meta Novi Research engineers, the company focuses on scalability, low-latency consensus, and secure smart-contract execution to enable consumer-friendly Web3 applications.
Get more remote jobs like this
Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.
Newsletter
Weekly remote jobs and featured talent.
No spam. Only curated remote roles and product updates. You can unsubscribe anytime.
