Senior/Staff Security Engineer - Corporate Security

Phantom is revolutionizing the way millions of people interact with the crypto ecosystem. Our self-custodial wallet offers a seamless, unified experience for managing accounts and tokens across Solana, Bitcoin, Ethereum, and Polygon, empowering users with a single, convenient solution. By integrating cutting-edge security features and launching innovative tools for an enhanced personalized user experience, Phantom is able to provide a next-generation, safe and easy to use self-custodial wallet for everyone. This strategy has allowed Phantom to achieve significant milestones including surpassing 15 million MAU’s, reaching #1 in the Google play store finance category, and consistently trending as a Top 50 app across all categories, right next to X, PayPal, Coinbase, and ChatGPT.

We're seeking a Senior/Staff Security Engineer to own and scale the security of Phantom's corporate infrastructure. This is a foundational role—you'll be our first dedicated corporate security hire, working directly with the Head of Security to build enterprise security capabilities from the ground up.

You'll protect our distributed workforce, secure our corporate systems, and enable our team to move fast without compromising safety. This role sits at the intersection of security engineering, IT operations, and risk management, where you'll build security controls that are both robust and user-friendly.

What You'Ll Do

Build & Secure Corporate Infrastructure

• Design, implement, and manage security for all corporate endpoints across our fully distributed workforce
• Deploy and operate our security stack including MD, EDR/XDR, ZTNA and SSO
• Implement zero-trust architecture principles including device trust, conditional access, and least-privilege controls
• Enforce security baselines, hardening standards, and compliance policies across all corporate systems
• Build and maintain secure authentication systems and identity management workflows

Drive Security Initiatives & Risk Reduction

• Lead security initiatives for endpoint hardening, access controls, and corporate infrastructure protection
• Conduct security design reviews and risk assessments for new services, tools, and integrations
• Perform vulnerability assessments and drive remediation efforts across corporate systems
• Partner with IT and cross-functional teams to balance security requirements with business velocity
• Develop and enforce IT security policies, standards, and procedures aligned with industry best practices

Detection, Response & Automation

• Respond to security incidents and events impacting corporate systems with urgency and technical depth
• Collaborate with the Detection & Response team to build detection rules, alerts, and monitoring for corporate infrastructure threats
• Automate security workflows using Python, Go, or similar languages to reduce manual toil
• Create runbooks and playbooks for common security scenarios
• Leverage security tooling and automation to scale security operations efficiently

Security Culture & Education

• Evangelize security best practices through education, training, and internal communications
• Build security awareness programs that empower employees to make secure decisions
• Partner with engineering teams to embed "secure by default" principles into development workflows
• Serve as a trusted security advisor across the organization
• 5+ years of experience in corporate/enterprise security, IT security, or endpoint security engineering
• MDM platforms: JAMF, Kandji, Intune, or similar for macOS/iOS fleet management
• EDR/XDR solutions: CrowdStrike, SentinelOne, Microsoft Defender, or similar
• Identity & Access Management: Okta, Azure AD/Entra ID, or similar SSO/IAM platforms
• Evangelize security best practices through education, training, and internal communications
• Build security awareness programs that empower employees to make secure decisions
• Partner with engineering teams to embed "secure by default" principles into development workflows
• Serve as a trusted security advisor across the organization
• 5+ years of experience in corporate/enterprise security, IT security, or endpoint security engineering
• MDM platforms: JAMF, Kandji, Intune, or similar for macOS/iOS fleet management
• EDR/XDR solutions: CrowdStrike, SentinelOne, Microsoft Defender, or similar
• Identity & Access Management: Okta, Azure AD/Entra ID, or similar SSO/IAM platforms

What We'Re Looking For

Must-Have

• Deep Hands-On Expertise With:

• Authentication protocols: SAML, OAuth, OIDC, SCIM
• Zero Trust architecture: Device trust, conditional access, identity verification, and least-privilege access models
• Strong scripting/automation skills: Python, Go, Bash for security automation and tooling
• Cloud security knowledge: Hands-on experience with AWS, GCP, or Azure
• macOS security expertise: Deep understanding of macOS security architecture, hardening, and management
• Proven ability to independently manage projects, navigate ambiguity, and drive initiatives to completion
• Collaboration skills: Ability to work cross-functionally, influence without authority, and translate security requirements for non-technical stakeholders
• Security-first mindset with practical knowledge of zero-trust principles, defense-in-depth, and risk-based security
• Crypto/Web3 or fintech experience: Prior work at crypto exchanges, wallets, DeFi protocols, or fintech startups
• Detection engineering background: Experience with SIEM, log analysis, threat hunting, or SOC operations
• Authentication protocols: SAML, OAuth, OIDC, SCIM
• Zero Trust architecture: Device trust, conditional access, identity verification, and least-privilege access models
• Strong scripting/automation skills: Python, Go, Bash for security automation and tooling
• Cloud security knowledge: Hands-on experience with AWS, GCP, or Azure
• macOS security expertise: Deep understanding of macOS security architecture, hardening, and management
• Proven ability to independently manage projects, navigate ambiguity, and drive initiatives to completion
• Authentication protocols: SAML, OAuth, OIDC, SCIM
• Zero Trust architecture: Device trust, conditional access, identity verification, and least-privilege access models
• Strong scripting/automation skills: Python, Go, Bash for security automation and tooling
• Cloud security knowledge: Hands-on experience with AWS, GCP, or Azure
• macOS security expertise: Deep understanding of macOS security architecture, hardening, and management
• Proven ability to independently manage projects, navigate ambiguity, and drive initiatives to completion
• Security-first mindset with practical knowledge of zero-trust principles, defense-in-depth, and risk-based security
• Crypto/Web3 or fintech experience: Prior work at crypto exchanges, wallets, DeFi protocols, or fintech startups
• Detection engineering background: Experience with SIEM, log analysis, threat hunting, or SOC operations

Nice-To-Have

• Modern threat landscape knowledge: Understanding of adversary tactics, techniques, and procedures (TTPs) including social engineering, phishing, and insider threats
• Security compliance experience: Familiarity with SOC 2, ISO 27001, or similar frameworks
• BYOD security models: Experience securing contractor and vendor access in distributed environments

What Makes You Successful Here

• Ownership mentality: You don't wait to be told what to do. You identify problems, propose solutions, and execute with autonomy.
• Extreme urgency: Crypto moves fast. You thrive in high-velocity environments and can ship quickly without sacrificing quality.
• Builder's mindset: You see security as an enabler, not a blocker. You build elegant solutions that protect without creating friction.
• Technical depth: You can dive deep into complex problems, debug issues across the stack, and architect scalable solutions.
• Pragmatic security: You balance security best practices with business needs and user experience. Perfect security doesn't exist—effective security does.
• Growth mindset: You embrace new technologies (including AI), stay current with evolving threats, and constantly expand your skill set.
• Strong communication: You can explain security concepts to engineers and executives alike, and you document your work clearly.

Why Work With Us

Opportunity

We are a team of experienced builders in the blockchain and crypto industry. Our journey began from users seeking an easy, seamless path to accessing the crypto ecosystem. This passion fueled our exponential growth, allowing us to onboard over 7M+ active users in just over three years; with our user base growing weekly. Our dedication to a secure and seamless user experience has made us the leading wallet on Solana as well as our multi-chain approach enhances our platform's versatility, meeting the needs of a diverse and growing user base. By staying at the forefront of technology and user expectations, we continue to innovate and set industry standards on self-custodial crypto wallets.

There has never been a better time to work in crypto to help shape the future of innovation with a focus around the wallet experience!

• First impressions matter: Wallets are responsible for a users first impression with crypto and onboarding new users into crypto. By ensuring that a user has a great first-time experience with crypto, we can help supercharge the growth of the entire ecosystem.
• Make crypto easier to navigate: There is no easy way for a user to discover and navigate all that crypto has to offer. Wallets have a unique opportunity to help users not only onboard to crypto but also stay retained by exploring new things to do.
• We live in a multi-chain world: We currently support Solana, Ethereum, Polygon and Bitcoin with more networks to come in the new future. We are focused on creating a unified, multi-chain crypto experience for users.

Benefits

• Competitive salary and equity
• Comprehensive insurance (medical/dental/vision) — 100% covered
• Stipend for your ideal remote set-up
• Flexible hours and a supportive remote environment
• Unlimited vacation: Take time when you need it (and we really mean it!)

• 401(K) Retirement Plan

• Monthly Wellness Benefit

• Weekly Meal Benefit

• Global Off-Sites

• Competitive salary and equity
• Comprehensive insurance (medical/dental/vision) — 100% covered
• Stipend for your ideal remote set-up
• Flexible hours and a supportive remote environment
• Unlimited vacation: Take time when you need it (and we really mean it!)

We strongly encourage candidates of all different backgrounds to apply. We believe that our work is stronger with a variety of perspectives, and we’re eager to further diversify our company. If you have a background that you feel would make an impact at Phantom, please consider applying. We’re committed to building an inclusive, supportive place for you to do the best work of your career.

The target base salary for this role will range between $225,000 to $285,000 with the addition of equity and benefits. This is determined by a few factors including your skillset, prior relevant experience, quality of interviews and market factors (such as location) at the point in time of offer.