Search...

Head of Security

Compound Finance logo
Compound Finance

Compound Finance is a decentralized finance (DeFi) protocol that provides a global market for capital, enabling users to earn yield on deposited assets and borrow against crypto collateral. It serves crypto asset holders and DeFi users seeking to earn yield, access liquidity, or borrow against established digital assets like ETH, WBTC, and stablecoins.

Distributed
About Compound Finance

Compound is a DeFi lending and borrowing protocol that allows users to deposit crypto assets to earn market-driven yield with instant withdrawals, and to borrow against curated collateral assets at competitive rates with instant liquidity. Loans are backed by excess collateral to reduce lending risk. The protocol has facilitated over $480B in total deposits and loans and $57B in all-time loans over more than six years of operation. Security is a core focus, with independent audits, comprehensive testing, continuous security reviews, and a bug bounty program backed by Immunefi offering rewards up to $1M. The Compound Foundation supports the long-term growth of the ecosystem through strategic planning, ecosystem development, partnerships, governance coordination, and community engagement, alongside teams focused on risk & capital management, engineering, and protocol security.

View jobs by Compound Finance

Skills

About the Role

You will own the Foundation's security posture across protocol development, infrastructure, tooling, access, custody interfaces, vendor risk and incident readiness. You'll work closely with the COO, CTO, Head of Product, engineering leads, external auditors, bug bounty providers, ecosystem contributors and governance stakeholders to keep the protocol and ecosystem secure as v4 expands into new markets, assets and institutional integrations. You'll operate at both strategic and hands-on levels across smart contract security, infrastructure security, incident response, vendor management and operational security.

Requirements

  • 8+ years security experience, including hands-on security engineering, application security or infrastructure security, with demonstrated end-to-end ownership of a security function
  • Direct crypto, DeFi, smart contract, blockchain infrastructure or protocol security experience
  • Strong understanding of smart contract audits, vulnerability management, bug bounties and secure deployment practices
  • Experience hardening cloud, GitHub, CI/CD, identity, access, secrets management and endpoint environments
  • Experience leading incident response for high-severity technical or security events
  • Ability to operate as both security strategist and hands-on builder in a small team
  • Traditional finance or other critical financial infrastructure experience is desirable but not required

Responsibilities

  • Own the Foundation security program across protocol, infrastructure, applications, internal tools, vendors and access controls
  • Support protocol and ecosystem security by coordinating secure development practices, audit processes, vulnerability handling, contributor guidance and incident response readiness
  • Manage and coordinate with Compound's security service providers, including audit firms, formal verification specialists and incident response providers
  • Partner with CTO and engineering team on secure architecture, secure SDLC, code review and deployment practices
  • Implement incident response procedures for vulnerabilities, exploits, access compromise, vendor compromise and operational security events
  • Harden identity, access management, secrets, GitHub, cloud, CI/CD, endpoint and offboarding practices
  • Support wallet, multi-sig, key management and custody security standards in partnership with Finance/Treasury and Risk
  • Evaluate security vendors, auditors, bug bounty platforms and external experts
  • Produce short, decision-ready security updates for leadership; escalate material issues or launch blockers quickly