Founders
Companies
Jobs
Philosophy
Team
Perspectives
Press
Linkedin
Twitter
Telegram
Discord

Infrastructure Security Engineer

Remote

About Fedi

Fedi empowers communities everywhere so they can secure and use their money and data with Fedimint. We connect the most fundamental human technology — community — with freedom technologies, like bitcoin, to level up humanity. As a Security & DevOps Engineer at Fedi, you’ll have the opportunity to be part of this exciting, life-changing journey and help us empower communities around the world.

Role Overview

At Fedi, our mission is simple but bold: to empower humanity with freedom technology. We build on Bitcoin, Lightning, and Fedimint to help communities secure and use their money and data.

We’re hiring an Infrastructure Security Engineer to take primary ownership of security posture across Fedi’s production and developer infrastructure, with extra emphasis on any systems that touch bitcoin value flows (e.g., Bitcoin Core, Lightning gateways, Fedimint federations, treasury processes, and key material).

If you’re passionate about protecting real bitcoin in production, thrive in adversarial-thinking roles, and want to shape security culture at a mission-driven startup from the ground up—we’d love to hear from you.

Responsibilities

Security Ownership (primary)

  • Lead Fedi’s security roadmap: drive short-term hardening through to long-term maturity.
  • Serve as the Directly Responsible Individual (DRI) for security initiatives across Engineering, Operations, and Finance.
  • Harden and monitor all infrastructure that touches bitcoin: bitcoin nodes, LND Lightning gateways, and Fedimint federations holding treasury funds.
  • Extend and improve pragmatic controls (e.g., authentication/MFA, access policies, audit trails, logging, secrets, and operational guardrails).
  • Establish lightweight security metrics and reporting (what changed, what’s exposed, what’s improving).

Incident Response & Readiness

  • Draft, test, and iteratively improve incident response playbooks (technical + comms + escalation).
  • Lead or support incident handling when needed: triage, containment, investigation, recovery, and postmortems.
  • Ensure tamper-resistant logging and sufficient data retention for forensics.

DevOps & Infrastructure (Secondary)

  • Integrate vulnerability management into engineering workflows (dependency scans, container scanning, CVE tracking, patch SLAs that match risk).
  • Partner with engineers to remediate issues quickly and safely; provide clear, actionable guidance.
  • Review critical infra/code paths for security issues (especially around wallet/node/gateway operations).
  • Provide operational backup for AWS/EKS-based infrastructure.
  • Maintain reliability basics: monitoring, alert hygiene, capacity awareness, backups, and secure configuration.
  • Leverage AI tools to accelerate debugging, infrastructure analysis, and safe automation, while ensuring outputs are validated and production-ready.

Requirements

We care most about security judgment, a builder mindset, and real-world operational competence.

  • 4+ years in a hands-on role spanning Security Engineering, SecDevOps, SRE, Infrastructure, or similar—operating real production systems.
  • Strong security fundamentals across cloud and Linux environments: IAM/least privilege, secrets handling, logging/auditing, network segmentation, hardening, and incident response.
  • Strong understanding of networking and adversarial environments (e.g., DDoS, abuse patterns, perimeter vs. internal threats, practical mitigations).
  • Solid Linux and systems knowledge: troubleshooting, performance/resource management, safe change practices.
  • Ability to work in a startup environment with incomplete information: prioritize ruthlessly, ship improvements incrementally, and communicate trade-offs clearly.
  • Comfortable collaborating cross-functionally (Engineering + Ops + Finance) to implement controls that involve process as well as technology.
  • Software engineering experience, especially backend/system development: you can read code, debug issues, and build small tools/automation when needed.
  • Basic to moderate understanding of SQL and data access patterns (enough to reason about risk, access controls, and audit needs).
  • Practical understanding of Bitcoin and Lightning fundamentals (on-chain concepts, Lightning risk surface, hot wallet realities, operational safety).
  • Comfortable using AI tools (e.g., coding assistants, analysis tools, or custom workflows) to improve speed and quality of work.

Nice to Haves

  • Experience with AWS security and operations (IAM design, CloudTrail, GuardDuty/Security Hub, org/account structure, KMS, SCPs).
  • Kubernetes/EKS security and ops experience (RBAC, pod security, workload identity, network policies, secrets patterns).
  • Infrastructure as Code (e.g., Terraform) and policy-as-code patterns.
  • Rust development experience beyond “code reading” (shipping production Rust services/tools).
  • Experience with Nix/NixOS or reproducible builds/deployments.
  • Experience running or securing Bitcoin Core and Lightning nodes (LND or alternatives), especially in hot wallet settings.
  • Familiarity with custodial wallet systems, treasury ops controls, and fund movement approval workflows.
  • Familiarity with Fedimint, Chaumian e-cash, or federated custody models. or strong interest in learning the Fedimint ecosystem.
  • Experience designing or operating SIEM/SOC-lite programs at an appropriate scale (not enterprise theater).
  • Distributed systems background; cryptography/e-cash familiarity (e.g., Chaumian e-cash or federated custody concepts); or strong interest in learning the Fedimint ecosystem.
  • Experience building or using AI-assisted workflows, agents, or internal tooling to automate operational or security tasks.

Benefits

Salary: We offer a competitive salary package based on your skills, experience, and expertise, as well as stock options.

Paid Vacation: We believe in a healthy work-life balance, so we offer employees the flexibility to take as much vacation time as they need to recharge and return refreshed.

Travel: As a global company, we offer opportunities to travel to different parts of the world to attend conferences, events, and industry-related activities—an opportunity to expand your knowledge and professional network.

Training and Mentorship: At Fedi, we invest in your personal and professional growth. We offer financial resources for personal development and leadership training sessions to help you continuously improve and advance your career.

Equipment: We contribute to work-related expenses, ensuring you have the tools you need to perform your job effectively.

Join Us!

If you’re passionate about securing systems that protect real people’s money and data, and you want to shape security culture at a mission-driven company from the ground up, we want to hear from you. Please email your CV to engineeringjobs@fedi.xyz. We look forward to receiving your application for this exciting position.