Director, Ecosystem Product Security

Responsibilities

• Define and lead the Foundation's security strategy across both the Stellar ecosystem and Foundation-owned systems
• Raise the practical security baseline for key ecosystem participants, including wallets, infrastructure providers, custodians, issuers, and validators
• Publish actionable guidance, reference patterns, and security expectations that drive real adoption across the ecosystem
• Build coordination mechanisms for shared risks, incident response, and cross-ecosystem security improvement
• Own security outcomes for Foundation-developed software, Foundation-operated infrastructure, and treasury / custody-related responsibilities
• Partner with Engineering, Finance, Legal, IT, and Corporate Security to drive implementation of security controls and secure operating practices
• Lead secure development efforts across architecture, threat modeling, vulnerability management, bug bounty programs, and product incident response
• Build and lead a high-performing security team, while translating strategy into execution plans and measurable outcomes
• Represent the Foundation externally as a credible technical leader and convener on ecosystem security

Requirements

• 10+ years of experience in security, including significant experience in senior leadership roles
• 5+ years leading security programs, teams, or functions with meaningful scope
• A track record of owning security outcomes for complex, high-consequence systems in production
• Deep experience in product and application security, with hands-on judgment in real-world environments
• Strong familiarity with blockchain and decentralized system security
• The ability to assess and prioritize risk across areas such as protocol design, smart contracts, wallets, validators, dependencies, and governance mechanisms
• Experience driving security improvements across multiple teams, organizations, or ecosystem participants, including in environments where you do not have direct authority
• Strong incident judgment, including experience handling high-severity incidents and disclosure processes
• A pragmatic approach to security, with the ability to make tradeoffs that reduce real-world risk rather than optimize for theoretical completeness
• Experience building, leading, and developing high-performing security teams
• The ability to set strategy, translate it into execution, and deliver measurable outcomes
• Clear communication skills and the credibility to work effectively with engineers, executives, and external ecosystem participants
• Experience operating in environments where security failures could lead to financial loss, operational disruption, or loss of trust

Nice-to-Haves

• Experience with secure development frameworks such as NIST SSDF
• Familiarity with Web3 security frameworks such as OWASP SCSVS or SEAL
• Experience in financial infrastructure, payments, custody, or tokenized finance
• Experience with large-scale platform or ecosystem security architecture
• Experience in identity, trust, encryption, or internet-scale systems

Compensation

• Base salary range: $225,000 - $335,000 depending on job-related knowledge, skills, experience, and location
• Lumen-denominated grants
• Competitive health, dental & vision coverage
• Flexible time off + 15 company holidays
• Generous paid parental leave
• Gym reimbursement, 401K with 4% match, commuter benefits, and more