CrawlJobs Logo
Aptos Logo Aptos · IT - Software Development

Information Security Engineer, Product

· Job Posted January 20, 2026
Apply Position
Job Link Share

Job Description

At Aptos Labs we’re pioneering the future of web3 and need a passionate Product Security Engineer to help secure our core technologies. In this role, you’ll be at the forefront of safeguarding our Aptos core infrastructure and Aptos Labs products. Your proactive approach will help us identify and mitigate emerging threats, ensuring our systems remain resilient and trustworthy. You will work closely with our developers, influence security best practices, and lead initiatives that shape the future of web3 security.

Job Responsibility

  • Analyze and assess novel and recurring security issues via design reviews, code audits, and penetration tests
  • Design and build security tools, and develop mitigations, frameworks, and hardening strategies tailored for vulnerability prevention and detection
  • Review and develop secure operational practices, and provide security guidance for engineers
  • Respond to and triage reports from bug bounty programs

Requirements

  • B.S. or M.S. in Computer Science, a related technical field, or equivalent experience
  • 3+ years of experience in vulnerability research and exploitation
  • Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.)
  • Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.)

Nice to have

  • Contributions to the security community (public research, blogging, talks in relevant conferences, etc.)
  • Experience with virtual machines or complex runtime environments, such as MoveVM (extra bonus), EVM, WASM, or LLVM-based runtimes, including their security models, sandboxing, and execution isolation
  • Familiarity with smart contract programming languages (extra bonus for Move), security tools, and frameworks, including formal verification

What we offer

  • 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
  • Equipment of your choice
  • Flexible vacation time, 11 holidays, and floating company days off
  • Competitive Salary
  • Protocol Token Grants
  • 401k matching (US Employees)
  • Fun and inclusive in-person and digital events
Aptos - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Information Security Engineer, Product

8 matching positions

Information Security Engineer, Product

At Aptos Labs we’re pioneering the future of web3 and need a passionate Product ...
Location
Location
Global
Salary
Salary:
Not provided
aptosfoundation.org Logo
Aptos
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.S. or M.S. in Computer Science, a related technical field, or equivalent experience
  • 3+ years of experience in vulnerability research and exploitation
  • Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.)
  • Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.)
Job Responsibility
Job Responsibility
  • Analyze and assess novel and recurring security issues via design reviews, code audits, and penetration tests
  • Design and build security tools, and develop mitigations, frameworks, and hardening strategies tailored for vulnerability prevention and detection
  • Review and develop secure operational practices, and provide security guidance for engineers
  • Respond to and triage reports from bug bounty programs
What we offer
What we offer
  • 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
  • Equipment of your choice
  • Flexible vacation time, 11 holidays, and floating company days off
  • Competitive Salary
  • Protocol Token Grants
  • 401k matching (US Employees)
  • Fun and inclusive in-person and digital events
  • Fulltime
Read More
Arrow Right

Information System Security Engineer (ISSE) / Cybersecurity Systems Engineer (TS Cleared)

We are currently seeking a Information System Security Engineer (ISSE) / Cyberse...
Location
Location
United States , Quantico
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in related fields (e.g. Computer Management Information Systems, Computer Science) or six (6) years applicable experience to include four (4) years of specialized experience
  • Minimum 5 years supporting Information Security roles/responsibilities as listed above
  • One or more of the following certications: ISC2 CGRC, ISC2 SSCP, CompTIA CySA+, CompTIA Security+ CE, and/or ISC2 Certified in Cybersecurity
  • Active Top Secret security clearance
Job Responsibility
Job Responsibility
  • Manage, monitor, and maintain IT infrastructure to ensure system uptime and optimal performance
  • Maintain performance to ensure that the throughput of the system does not degrade unexpectedly as the volume of work increases
  • Perform regular system backups, recovery procedures, and data management tasks
  • Provide technical support and assistance to users
  • Develop and maintain system documentation, including configurations, procedures, and troubleshooting guides
  • Plan and implement software updates, hardware upgrades, and migrations with minimal disruption to operations
  • Provide technical support for systems and applications
  • Monitor and optimize the performance of the infrastructure
  • Develop and implement backup and recovery strategies
  • Ensure compliance with security and regulatory standards
  • Fulltime
Read More
Arrow Right
New

Senior Information Security Engineer

SmartRecruiters is looking for a Senior Information Security Engineer to join th...
Location
Location
Poland
Salary
Salary:
Not provided
smartrecruiters.com Logo
SmartRecruiters
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation
  • Demonstrated compliance or auditing experience with at least one major framework
  • Solid understanding of controls auditing principles and evidence management
  • Knowledge of risk management methodologies and experience conducting or supporting risk assessments
  • Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision
  • The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level
  • A strong understanding of technology, cloud-based products, and SaaS environments
  • Experience working across business units and geographical boundaries to engage engineering, business, and operational teams
  • Experience with ISO 27001
  • Excellent written and verbal communication skills in English
Job Responsibility
Job Responsibility
  • Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting
  • Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness
  • Develop reusable templates, playbooks, and standardised blueprints for recurring GRC activities (e.g., vendor assessments, internal audits, risk reviews) to ensure consistency and scalability
  • Collaborate with engineering and IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines where applicable
  • Continuously evaluate and improve GRC tooling, data flows, and reporting to drive operational efficiency across the team
  • Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations
  • Maintain regional and local stakeholder relationships, meeting schedules, minutes, and reports
  • Support the maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support
  • Effectively manage ISO 27001 and ISO 22301 audit lifecycles and coordinate with stakeholders on ISMS and BCMS improvements
  • Support the maintenance and continuous improvement of the ISO 42001 (AI Management System) framework in alignment with the EU AI Act
Read More
Arrow Right

Senior Software Engineer, Information Security

We are seeking a Senior Software Engineer to design, build, and scale secure ent...
Location
Location
United States of America , Bentonville
Salary
Salary:
90000.00 - 180000.00 USD / Year
walmart.com Logo
Walmart
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Information Technology, or related field and 5 years' experience in information technology within the past 10 years OR 7 years' experience in information technology or related field within the past 10 years.
Job Responsibility
Job Responsibility
  • Design, build, and maintain scalable services supporting MFA, PR-MFA, and CBA
  • Implement secure registration, recovery, lifecycle, and enforcement workflows
  • Contribute to enterprise-scale rollout strategies for phishing-resistant MFA and certificate-based authentication
  • Integrate MFA capabilities into identity providers, SSO platforms, VPN solutions, and endpoint systems
  • Apply FIDO2/passkey and CBA (PKI, certificates) concepts in production systems
  • Build automation to support hardware authenticator enrollment, recovery, and lifecycle operations
  • Develop dashboards and metrics to monitor adoption, rollout health, reliability, and security posture
  • Participate in architectural design discussions and contribute to long-term technical strategy
  • Mentor junior engineers and promote engineering best practices through code reviews, documentation, and knowledge-sharing sessions
What we offer
What we offer
  • medical, vision and dental coverage
  • 401(k), stock purchase and company-paid life insurance
  • PTO (including sick leave), parental leave, family care leave, bereavement, jury duty, and voting
  • short-term and long-term disability, company discounts, Military Leave Pay, adoption and surrogacy expense reimbursement
  • PTO and/or PPTO
  • Live Better U education benefit program
  • annual or quarterly performance bonuses
  • stock
  • Fulltime
Read More
Arrow Right

Lead Information Security Engineer - Python Full Stack Developer

Wells Fargo is seeking a Lead Information Security Engineer.
Location
Location
India , Hyderabad
Salary
Salary:
Not provided
https://www.wellsfargo.com/ Logo
Wells Fargo
Expiration Date
June 29, 2026
Flip Icon
Requirements
Requirements
  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 5+years of experience in Software Engineering, Data Engineering, or a backend development python development and backend architecture
  • Expert level knowledge of Python internals, concurrency (Asyncic/Multiprocessing) and building high performance, memory efficient applications
  • Proven expertise in designing and governing enterprise grade CI/CD pipelines and must manage complex code promotions across multi-region environments using GIT hub actions, Git Lab, or Azure DevOps
  • Extensive hands-on experience with Apache Kafka (or Confluent), including cluster tuning, schema registry management and designing event driven architectures
  • Deep experience with Grafana and Prometheus for full stack observability – defining SLIs/SLOs, custom exporters and complex alerting logic
  • Strong understating of the end-to-end ML life cycle, specifically in the deployment and scaling of models using frameworks like BentoML, Ray, or KServe
  • Experience in SQL, data modelling, ETL/ELT pipelines, and large-scale data processing
  • Good to have knowledge in Terraform, Palumi and container orchestration – Kubernetes, EKS
Job Responsibility
Job Responsibility
  • Lead computer security incident response activities for highly complex events
  • Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
  • Provide security consulting on large projects for internal clients to ensure conformity with corporate information, security policy, and standards
  • Design, document, test, maintain, and provide issue resolution recommendations for highly complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
  • Review and correlate security logs
  • Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
  • Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
  • Collaborate and influence all levels of professionals including managers
  • Lead a team to achieve objectives
  • Lead the development of mission critical python services, ensuring high availability and low latency performance
  • Fulltime
Read More
Arrow Right

Senior Information Security Engineer

Mastercard is seeking candidates to join the Data Protection team with a focus o...
Location
Location
Ireland , Dublin 18
Salary
Salary:
Not provided
mastercard.com Logo
Mastercard
Expiration Date
October 10, 2026
Flip Icon
Requirements
Requirements
  • Experience operating or designing security governance or enforcement programs in large, complex environments
  • Strong understanding of information security, data protection, and risk management, particularly as applied to SaaS and third party technologies
  • Demonstrated ability to make and defend risk based decisions that balance security, policy, and business impact
  • Experience working cross functionally with Legal, Privacy, Compliance, and Technology teams
  • Ability to clearly document decisions and articulate technical and business impact to diverse audiences
  • Strong verbal and written communication skills, including executive ready summaries
  • Demonstrated technical competency in security engineering through hands on experience or relevant qualifications
  • Design and implement data models and analytics frameworks to support Shadow IT blocking decisions, escalation tracking, and governance reporting
  • Develop automated processes and dashboards to provide visibility into blocking activity, unblock requests, escalation outcomes, and trend analysis
  • Evaluate and integrate data sources (e.g., SaaS discovery tools, cloud telemetry, intake systems) to ensure accurate and timely Shadow IT decisioning data
Job Responsibility
Job Responsibility
  • Contribute to the execution of the Shadow IT and Data Protection roadmap, with primary ownership of enforcement, escalation, and governance processes
  • Develop and maintain a Shadow IT blocking strategy framework for unapproved applications, including: Blocking criteria and decision thresholds, Risk scoring aligned to data sensitivity, access, and exposure, Defined escalation paths for exceptions and high impact cases
  • Document all blocking decisions with clear business justification, technical impact assessment, and alignment to security and data protection policy
  • Establish and maintain communication protocols to notify stakeholders of application blocks, including timelines, approved alternatives, and available support resources
  • Manage unblock requests and escalations and exception processing, coordinating with Security Operations and business stakeholders to evaluate risk and determine outcomes
  • Partner with application, platform, and business teams to define paths to compliance, including remediation, onboarding to approved services, or decommissioning
  • Track and report Shadow IT metrics, including blocking trends, unblock volumes, escalation outcomes, incidents, and stakeholder satisfaction
  • Work side by side with other team members to build and mature the Shadow IT governance process, while taking lead ownership of defined processes such as: Escalations and exception handling, Cross functional coordination, Technical impact assessment, Policy alignment and enforcement
  • Build and operationalize a next generation Shadow IT governance model that provides transparency, consistency, and defensibility across the enterprise
  • Develop a way to automatically tag approved apps
  • Fulltime
Read More
Arrow Right

Product & Information Security Architect

We are looking for a motivated Product & Information Security Architect to stren...
Location
Location
Korea, Republic Of , Seoul
Salary
Salary:
Not provided
ericsson.com Logo
Ericsson
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree or higher in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience in software/IT and security
  • 10+ years of experience in a security-related or software/IT engineering role, with practical exposure to product and application security, such as: Handling security requirements from customers and partners
  • Supporting security design, review, or validation for software products or platforms
  • Contributing to Enterprise information security and cyber security
  • Good understanding of network, system, and application security fundamentals including: Vulnerability types and mitigation approaches
  • Network configuration and related security risks
  • Encryption, key management, and secure protocol usage
  • Good understanding of major security and privacy regulations (e.g., GDPR, CCPA, HIPAA or similar) and how they influence product and information security
  • Intermediate or higher level of English, both written and spoken
Job Responsibility
Job Responsibility
  • Own and improve product security across the lifecycle (design, implementation, testing, and deployment including security standards, directions)
  • Design security architecture to address increasing security threats and global regulations and compliance requirements
  • Assess and advise on network architecture risks, encryption choices, and secure protocol selection in collaboration with development teams
  • Perform and support security risk assessments, threat modelling, and security reviews for products
  • Support vulnerability management: identify, analyze, and track remediation of vulnerabilities, follow up on verification and closure
  • Understand security requirements from external partners and customers, translate them into concrete actions, and help prioritize them based on risk and business impact
  • Lead and coordinate Cyber Resilience Act (CRA) readiness and compliance activities for relevant products and services
  • Contribute to and improve information security policies, standards, and guidelines collaborating with Business Area’s stakeholders to drive information security adaptation
  • Lead type approval activities for relevant products
  • Fulltime
Read More
Arrow Right

Senior Product Security Engineer

We are seeking a Senior Product Security Engineer with medical device experience...
Location
Location
United States
Salary
Salary:
127000.00 - 165000.00 USD / Year
themuse.com Logo
The Muse
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Security, or related field
  • 6+ years of experience in information security, with direct focus on product security for medical devices
  • Strong understanding of security principles, methodologies, and tools within the PDLC and SDLC
  • Demonstrated experience conducting Cybersecurity Risk Assessments (CSRAs), vulnerability analysis, and working with modern threat detection tools (Veracode, Snyk, GitLab, or similar)
  • Familiarity with NIST Cybersecurity Framework, NIST SP 800-171, and deeper controls/frameworks such as NIST SP 800-53 (Security and Privacy Controls), NIST SP 800-92 (Log Management), and NIST SP 800-63 (Digital Identity Guidelines)
  • Hands-on experience with vulnerability identification and threat modeling within healthcare using methodologies such as STRIDE
  • Experience operating in a regulated environment (FDA, HIPAA, GDPR, international regulatory frameworks)
  • Experience with medical device hardware or Software as a Medical Device (SaMD)
  • Experience with medical device software development and regulatory processes
  • Excellent problem-solving, analytical, and communication skills, able to take a multi-siloed approach
Job Responsibility
Job Responsibility
  • FDA Cybersecurity Compliance: Ensure compliance with FDA cybersecurity guidance and regulations in collaboration with Cybersecurity, Regulatory, Quality, and Systems Development teams
  • Risk Assessments & CSRAs: Conduct comprehensive security risk assessments, including Cybersecurity Risk Assessments (CSRAs), to identify vulnerabilities and threats across device hardware, firmware, software, and cloud components
  • Threat Modeling: Develop and maintain device-specific cyber threat models, factoring in patient safety, data privacy, and operational continuity
  • SBOM Management: Demonstrate familiarity with Software Bill of Materials (SBOM) and effectively communicate technical details
  • Security Documentation: Create and maintain cybersecurity documentation for pre- and post-market activities, ensuring regulatory alignment
  • Data Flow Diagrams: Produce detailed data flow diagrams to support the threat modeling process
  • Security Design Reviews: Participate in design reviews of medical device architectures and implementations, providing actionable recommendations for system security requirements
  • Vulnerability Analysis & Management: Perform and support vulnerability analysis and coordinate the vulnerability management program, including scanning, patching, and remediation for medical devices
  • Threat Detection Tools: Leverage and maintain application and threat detection tools (Veracode, Snyk, GitLab, or equivalent) to identify security flaws early in the SDLC
  • Incident Response: Support investigation and remediation of device-related security incidents, minimizing impact and preventing recurrence
What we offer
What we offer
  • FSA
  • HSA
  • Health Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short-Term Disability
  • Long-Term Disability
  • FSA With Employer Contribution
  • HSA With Employer Contribution
Read More
Arrow Right