Senior Security Engineer at Nansen AI

<p><em>Talent Wanted. For hazardous journey. <s>Small wages</s>, bitter cold, long months of complete darkness, constant danger, safe return doubtful. Honour and recognition in case of success.</em></p> <p>Fridtjof Nansen crossed the Arctic, going places no human had ever been. Together with our users, we're doing the same onchain — and someone needs to make sure we don't get killed on the way there.</p> <p>Nansen is a special company. We're building the single best platform for onchain investing — agentic trading, staking infrastructure, AI-powered analytics — and we're scaling fast. Fast enough that security can't be an afterthought bolted on later. It has to be built in, from the start, by someone who knows what they're doing.</p> <p><strong>Our mission:</strong> Surface the signal and create winners.</p> <h2>What you'll do at Nansen</h2> <p>You'll be the person who makes sure we can move fast without breaking things that matter. That means embedding security into everything we build — cloud infrastructure, applications, CI/CD pipelines, AI systems, staking operations — across a generalist role that spans the full surface area.</p> <ul> <li>Run security assessments across systems, architectures, and code — find the vulnerabilities before someone else does</li> <li>Advise engineering teams on secure design decisions. You're a partner, not a blocker</li> <li>Deploy and maintain security infrastructure: SIEM, vulnerability scanning, endpoint protection, logging — the things that let us sleep at night</li> <li>Secure our CI/CD pipelines and deployment workflows end-to-end</li> <li>Own secrets management, key management, and access controls. No shortcuts</li> <li>Address LLM security head-on: API key management, prompt injection prevention, and the risks that come with shipping AI-powered products at speed</li> <li>Coordinate penetration tests and security audits with external vendors</li> <li>Create and maintain secure coding guidelines and code review processes that engineers actually follow</li> <li>Represent the Security Team in the incident response process</li> <li>Drive compliance readiness — SOC 2, ISO 27001 — pragmatically, not bureaucratically</li> </ul> <h2>What we're looking for</h2> <ul> <li>You've built and hardened production security at scale — you know the difference between a policy document and an actually secure system</li> <li>Strong cloud security knowledge (AWS, GCP or equivalent). Container security and network security fundamentals</li> <li>Hands-on experience implementing security tooling, not just evaluating it</li> <li>Secrets and key management expertise — you've manage