Lead Security Engineer

Midas is pioneering the future of asset tokenization by offering exposure to institutional-grade securities and structured products onchain - accessible, global, and compliant. Co-founded by former investment professional Dennis Dinkelmeyer and seasoned serial entrepreneur Fabrice Grinda, Midas aims to bridge the gap between traditional and decentralized finance.

Since launching in October 2024, Midas has grown to over $1b in total value locked (TVL) across its range of investment products, reflecting strong market fit and demand. The company raised a $9m seed round from top-tier investors including BlockTower, Framework Ventures, and Coinbase Ventures and others – now Midas is looking for outstanding talents to scale and execute on its vision of a more open and efficient financial system.

We are looking for our first Security Engineer to own and build the security foundations of Midas (Web2 + Web3). This role is critical to protecting our infrastructure, products, and users as we scale beyond $1B TVL. You will work closely with engineering, DevOps, and leadership to design and implement security best practices across the company:

• Web2 & Web3 Security: Secure smart contracts, APIs, and user-facing applications.
• Infrastructure Security: Harden GCP/AWS/Cloudflare environments, networks, and endpoints.
• Supply Chain Security: Ensure secure build and deployment processes through CI/CD hardening, dependency governance, artifact signing, and comprehensive SBOM management.
• Monitoring & Detection: Deploy monitoring tools (SIEM, anomaly detection, alerts) for infra and on-chain activity.
• Company Security Posture: Lead security audits, access controls, secrets management, and incident response.
• Policies & Awareness: Define security policies, run internal training, build a culture of security-first engineering.
• Vendor & Partner Due Diligence: Assess risk of external tools, services, and integrations.
• Incident Response & Playbooks: Establish and run IR processes for potential threats, exploits, or breaches.

• Strong experience in security engineering (infra, cloud, or product).
• Familiarity with blockchain/Web3 ecosystems and their unique threat models.
• Ability to work as a generalist and builder, setting up the security foundation of the company.
• Hands-on, pragmatic approach comfortable being both architect and executor.

• Compliance & Certifications: SOC2, ISO27001, GDPR alignment (with external partners at first).
• Key & Wallet Security: HSMs, MPC, custody solutions for on-chain assets.
• Red Teaming / Pentesting: Either hands-on or coordinating with external providers.
• Bug Bounty / External Research: Manage relations with external auditors and bounty platforms.

• Agile, globally distributed team with a strong mission
• Flexible, remote-first culture. Focus on outcomes, not hours
• Fast-growing company at the cutting edge of tokenization and DeFi
• Early responsibilities and ownership from day one
• Open & transparent culture where your ideas matter
• Regular team trips and offsites
• Competitive salary and growth opportunities