About Project Eleven

Project Eleven is an applied lab of builders and technologists working at the intersection of quantum computing and cryptography. We build impactful solutions that push the digital-asset ecosystem to a more secure future. Our focus is post-quantum migration: upgrading wallets, identity, and settlement rails to quantum-safe primitives without breaking UX, composability, and developer workflows.

Our mission is to future-proof digital assets and preserve self-sovereignty in a post-quantum world. We do that by building the canonical tooling and products teams can adopt: crypto-agile infrastructure, reference implementations, and integrations that fit real constraints like latency, cost, compatibility, key rotation, and recovery.

We work with leading ecosystems to make this migration real through products we build, audits, testnets, and cutting edge research. The vision we are have is clear: a proven upgrade path, production-ready tooling and users retaining control of their assets and identity, before CRQC exists.

The role

We're hiring a Senior Security Engineer to own product and platform security across Project Eleven. You'll set the security posture for our institutional product where security and trust of our systems matter most to our customers. This is a high-ownership role with broad scope. You'll shape threat models, harden services and supply chain, lead our compliance program, and partner closely with engineering to ship secure by default.

This role is a full-time, fully remote position in Europe (GMT to GMT+2).

What you'll be responsible for

• Owning the security posture of our institutional product end-to-end: threat models, secure design reviews, sensitive operational procedures, incident response

• Partnering with engineering on secure design across our backend systems, including review of cryptographic protocols and integrations

• Building out our application security program: secure SDLC, code review standards, supply chain hardening, dependency scanning, secrets management

• Establishing and operating vulnerability management, penetration testing cadence, and bug bounty as we scale

• Developing our incident response capability: runbooks, on-call rotation, postmortem culture

• Collaborating on our compliance program (SOC 2 Type II as the first milestone) and establishing controls, policies, and evidence collection that hold up to institutional due diligence

• Acting as the security voice in customer conversations, due diligence questionnaires, and security reviews with institutional buyers

What you bring

• 5+ years in security engineering, with significant ownership of a production security program (not purely advisory or audit-side)

• Experience securing systems at meaningful scale with strong correctness, durability, or regulatory requirements

• Strong applied cryptography knowledge: key management, signing protocols, secure key handling at rest and in use

• Experience taking an organisation through SOC 2, ISO 27001, or equivalent

• Hands-on experience with cloud security (AWS) and modern deployment platforms; comfortable reading and writing infrastructure code

• Track record of partnering with engineering teams rather than gating them; you ship security improvements as code and policy, not just tickets

• Strong threat modeling instincts and the ability to make pragmatic risk tradeoffs in a fast-moving startup environment

• Strong English communication, including the ability to represent security clearly to institutional customers and auditors

What we'd love to see

• Background in institutional digital-asset infrastructure: custody platforms, exchanges, HSM-backed systems, or regulated financial infrastructure

• Experience with MPC, threshold signing, HSM integration, or other distributed cryptographic protocols in production

• Familiarity with post-quantum cryptography and the operational implications of migrating cryptographic primitives

• Experience running incident response for a security-critical product

• Prior experience as the first security hire at a startup, or building a security function from scratch

• Offensive security background (red team, pentesting, vulnerability research) as a complement to defensive work

• Open-source contributions to security tooling, cryptography, or related infrastructure