Security Analyst

Job Description

Aptos is a people-first blockchain on a mission to help billions of people achieve universal and fair access to decentralized assets in a safe and scalable way.

Founded by some of the original creators and maintainers that researched, designed, and built the Diem blockchain to serve this purpose, we have dedicated several years toward this mission. We believe the open-source Diem technology we have developed is an important foundation of a safe and scalable web3 world where everyone has more equitable opportunities to grow and access financial assets with lower fees and fewer intermediaries.

Aptos (Ohlone for “The People”) encompasses our mission and ethos for why we build.

Aptos Foundation is seeking a Security Analyst to help operate and scale security across the organization. Reporting to the Security Lead, this role will support core security workflows spanning phishing response, bug bounty operations, access governance, and operational security hygiene. This is a hands-on, cross-functional role offering broad exposure across security operations, access governance, and threat response—ideal for someone looking to develop a wide view of security in a fast-moving organization.

Responsibilities

• Respond to and triage alerts relating to phishing attacks, impersonation, scams, and brand abuse (e.g. Sublime, Doppel), escalating credible threats where appropriate.
• Coordinate day-to-day operation of the bug bounty program, including communication with researchers, issue tracking, reporting, and internal follow-up.
• Conduct user access reviews and review security settings, access configurations, and administrative controls across business systems, SaaS platforms, and internal infrastructure, tracking remediation where required.
• Support recurring operational security workflows, including documentation, process tracking, and follow-up.

Requirements

• 2+ years of experience in a security-focused role, such as security operations, IAM, application security support, operational security, or a similar domain.
• Familiarity with core security concepts including phishing, authentication, access control, least privilege, and common vulnerability classes.
• Ability to manage multiple concurrent workflows with strong attention to detail and reliable follow-through.
• Clear written communication and confidence coordinating across technical and non-technical stakeholders.
• Self-motivated, organized, and comfortable operating independently in a remote-first environment with minimal supervision.

Nice to Have

• Experience automating operational workflows using LLMs or AI tooling (e.g. Claude).
• Familiarity with common web application vulnerabilities (e.g. OWASP Top 10).
• Exposure to vulnerability disclosure / bug bounty workflows.
• Experience with SaaS administration, access reviews, or IAM processes.
• Experience in web3 environments or familiarity with common web3 threat patterns.

The base salary range for this full-time position is $120k - $180k. The range displayed on each job posting reflects the minimum and typical maximum target for new hire salaries for the position of a candidate based in the Bay Area at any level. We do hire exceptionally talented professionals with decades of experience in their field. As such, our range may be higher than what is displayed. Our base salary ranges are determined by experience and location, and we hire at all levels for multiple roles. Within the range, individual pay is determined by work location, job-related skills demonstrated during the interviews, working experience, and relevant education or training. Please note that the compensation details listed in role postings reflect the base salary only and do not include equity, tokens, or benefits.

#LI-PG1

Our Benefits

• 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
• Equipment of your choice
• Flexible vacation time, 11 holidays, and floating company days off
• Competitive Salary
• Protocol Token Grants
• 401k matching (US Employees)
• Fun and inclusive in-person and digital events

Aptos is committed to diversity in the workplace, and we’re proud to be an Equal Opportunity Employer. We do not hire on the basis of race, color, religion, creed, gender, national origin, citizenship, age, disability, veteran status, marital status, pregnancy, parental status, sex, gender expression or identity, sexual orientation, or any other basis protected by local, state or federal law. All employment is decided based on qualifications, merit, and business need.

We are committed to providing a safe and secure hiring process for all applicants. Unfortunately, there are individuals who may attempt to impersonate Aptos or our employees for fraudulent purposes.

To protect yourself, please be aware of the following:

• We will never ask you for payment of any kind during the application or onboarding process, including fees for background checks, training, or equipment.
• We will always communicate with you using our official company email domain.
• We will never request your personal financial information, such as your social security number or bank account details, during the initial application stages or via email or a video/voice call when onboarding.