
DevOps Security Engineer

Job

  • Level
    Senior
  • Job Field
    IT, DevOps, Test/QA
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Berlin
  • Working Model
    Full Remote, Onsite
  • Job Summary

    In this role, you will be responsible for the security strategy of a platform, implementing tests, conducting penetration testing, and developing code to close security gaps and ensure software quality.

    Your role in the team

    • You will be the single person responsible for the security of a platform that tracks hundreds of millions in digital assets. That is the job. Everything else is secondary.
    • Your primary responsibilities are security and quality assurance. You own penetration testing, vulnerability assessments, threat modeling, automated test frameworks, and CI quality gates across every product we ship.
    • You also own infrastructure: AWS, CI/CD pipelines, monitoring, and incident response.
    • And because we are a small, senior team, you will write production code when security and QA responsibilities are covered.
    • Security (Primary): Own the security posture across all products: Legacy, Trading Bot, and future platforms.
    • Conduct regular penetration testing, vulnerability assessments, and threat modeling aligned with OWASP standards and methodologies.
    • Ensure full coverage of the OWASP Top 10 in application security testing, code reviews, and deployment checks.
    • Perform security-focused code reviews across frontend, backend, and infrastructure code, catching what standard code reviews miss.
    • Implement and manage secrets management (Vault, AWS Secrets Manager, or KMS), access controls, and least-privilege policies.
    • Build and maintain incident response playbooks. When something breaks, you lead the response, run the post-mortem, and ship the fix.
    • Stay ahead of Web3 and crypto-specific attack vectors: phishing campaigns, wallet exploits, API key compromises, supply chain attacks, and social engineering.
    • Manage and coordinate external security audits and penetration tests from third-party firms.
    • Quality Assurance & Testing (Primary): Design and implement test strategies across all products: unit tests, integration tests, end-to-end tests, API tests, and regression suites.
    • Build and maintain automated testing frameworks and CI quality gates that prevent broken code from reaching production.
    • Define and track quality metrics: test coverage, flakiness rate, regression detection latency, and bug escape rate.
    • Write and execute security test cases: authentication flows, authorization controls, input validation, API abuse scenarios, and edge cases around financial data.
    • Perform both white-box and black-box testing, leveraging full codebase access to catch issues that surface-level QA would miss.
    • Test across the full stack: frontend UI, backend APIs, database queries, third-party integrations, and on-chain interactions.
    • Infrastructure & DevOps (Foundation): Maintain and improve cloud infrastructure on AWS using Infrastructure as Code (Terraform or CloudFormation).
    • Own CI/CD pipelines (GitHub Actions preferred): automated testing, security scanning, linting, and deployment.
    • Harden infrastructure: network security, IAM policies, container security, and environment isolation.
    • Build logging, monitoring, and alerting across all services (CloudWatch, Prometheus, Grafana, or equivalent).
    • Ensure audit trails for user actions, system changes, and access events.
    • Manage production reliability, incident response, and cost optimization.
    • Fullstack Development (When the fortress is secure): Contribute production code across frontend and backend, bringing a security-first mindset to every feature you build.
    • Build features, fix bugs, and ship improvements alongside the engineering team.
    • Every line you write should make the product better and harder to break: input validation, error handling, authentication, and data protection by default.
    • Participate in architecture discussions and code reviews, advocating for testability, reliability, and security in every decision.

    Our expectations of you

    Qualifications

    • Strong practical knowledge of OWASP standards, including the OWASP Top 10, the OWASP Testing Guide, and OWASP secure coding practices.
    • AWS expertise (EC2, ECS/EKS, Lambda, VPC, IAM, S3, RDS, CloudFront, WAF).
    • Container technologies: Docker and Kubernetes in production environments.
    • Scripting and automation proficiency in Bash and Python.
    • Familiarity with security and testing tools (Burp Suite, OWASP ZAP, Selenium, Cypress, Jest, Postman, or equivalent).
    • Strong communication skills: you can explain security risks and quality tradeoffs clearly to non-technical stakeholders.
    • Security certifications: OSCP, CISSP, CompTIA Security+, AWS Security Specialty, or equivalent.
    • Familiarity with Web3-specific security concerns: wallet security, key management, on-chain monitoring, phishing mitigation.
    • Bug bounty participation, CVE publications, or contributions to open-source security tooling.

    Experience

    • 5+ years in software engineering roles with meaningful, hands-on security and QA experience. We will verify this. If your security experience is theoretical, this is not the right fit.
    • Fullstack development experience: you can build and ship features across frontend (React or equivalent) and backend (Node.js, Python, Go, or equivalent).
    • Hands-on penetration testing and vulnerability assessment experience across web applications, APIs, and cloud infrastructure.
    • Experience building automated test frameworks and integrating testing into CI/CD pipelines.
    • Infrastructure as Code experience (Terraform, CloudFormation, or Pulumi).
    • Experience with secrets management tools (HashiCorp Vault, AWS Secrets Manager, or similar).
    • Experience at a crypto, DeFi, Web3, or fintech product company (Coinbase, Phantom, Stripe, Casa, MetaMask, Zerion, Ramp, or similar).
    • SDET background or experience in a hybrid development-and-testing role.
    • Experience testing financial systems: payment flows, ledger integrity, double-spend prevention, or transaction monitoring.
    • Experience implementing zero-trust architectures.

    What we offer

    • Competitive salary + performance-based incentives tied to retention & LTV improvement.
    • Direct exposure to founders.
    • Team offsites.
    • Remote work.
    • High ownership, high-impact role.

    Job Locations

    • Location Berlin

      Germany

    This is your employer

    Decentralized Masters

    Decentralized Masters is a community-oriented platform that provides institutional training, personal mentorships, and daily educational content for investors in DeFi. The company has over 4,000 members and focuses on long-term wealth strategies using its proprietary ABN system. It is also developing a software division with products like the Legacy Wallet and trading bots.

    Description

  • Company Type
    Startup
  • Working Model
    Full Remote, Onsite
  • Industry
    Education System
    Diversity
    Open for all genders
    English Only
    English only required
