Security Analyst
Aptos Labs is the core development team behind the Aptos blockchain, building products and applications that bring decentralization and Web3 to mainstream users. The company serves individual users, developers, and enterprise partners with wallets, identity, login, and API/developer tooling for the Aptos network.
Investors
Projects
About Aptos Labs
Aptos Labs is a team of researchers, strategists, designers, and builders focused on bringing decentralization to the masses through the Aptos blockchain, the first Move-based Layer 1 which launched its mainnet in October 2022. The company builds a suite of consumer and developer products including Petra Wallet (a self-custodial wallet), Aptos Connect (Web3 login via OAuth/social login), Geomi (developer tooling for API access, NFT integration, and Web3 logins), Aptos Explorer, and Aptos Names (on-chain identity/naming). Aptos Labs serves a broad range of clients from individual crypto users to enterprises and ecosystem partners, having formed partnerships with organizations such as Microsoft, Google Cloud, NBCUniversal, Alibaba Cloud, Brevan Howard, SK Telecom, and MoonPay, and expanding through acquisitions such as HashPalette to enter the Japan market. The company was founded in January 2022, raised seed funding led by a16z crypto, and a Series A round with participation from Dragonfly, Apollo, and Franklin Templeton, among others.
Skills
About the Role
You will respond to phishing alerts, impersonation, and brand abuse; conduct user access reviews and review security settings across business systems and SaaS platforms; support recurring operational security workflows including documentation and process tracking; coordinate with stakeholders in a remote-first environment.
Requirements
- 2+ years of experience in a security-focused role, such as security operations, IAM, application security support, operational security, or a similar domain.
- Familiarity with core security concepts including phishing, authentication, access control, least privilege, and common vulnerability classes.
- Ability to manage multiple concurrent workflows with strong attention to detail and reliable follow-through.
- Clear written communication and confidence coordinating across technical and non-technical stakeholders.
- Self-motivated, organized, and comfortable operating independently in a remote-first environment with minimal supervision.
Responsibilities
- Respond to and triage alerts relating to phishing attacks, impersonation, scams, and brand abuse (e.g. Sublime, Doppel), escalating credible threats where appropriate.
- Coordinate day-to-day operation of the bug bounty program, including communication with researchers, issue tracking, reporting, and internal follow-up.
- Conduct user access reviews and review security settings, access configurations, and administrative controls across business systems, SaaS platforms, and internal infrastructure, tracking remediation where required.
- Support recurring operational security workflows, including documentation, process tracking, and follow-up.
Benefits
- 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
- Equipment of your choice
- Flexible vacation time, 11 holidays, and floating company days off
- Protocol Token Grants
- 401k matching (US Employees)
- Fun and inclusive in-person and digital events
