Role Overview
We are hiring a Security Architect to design and own security across our entire ecosystem, spanning:
• On-chain programs (Solana)
• Backend infrastructure (APIs, AWS, databases)
• Wallet + transaction flows
• Economic and incentive systems
This is a foundational role, working directly with founders and engineering teams to ensure all products are secure by design before development begins.
Role & Responsibilities
1. Security Architecture (Primary Responsibility)
• Design end-to-end security architecture for each product before development
• Define trust boundaries, attack surfaces, and threat models
• Review all system architecture (backend + on-chain + APIs)
2. Threat Modeling & Risk Analysis
• Conduct structured threat modeling (STRIDE or equivalent)
• Identify risks across:
  • Smart contracts (Solana programs)
  • APIs and backend systems
  • Wallet interactions and signing flows
• Maintain living threat models as products evolve
3. Smart Contract Security (Solana-Focused)
• Define secure design patterns for:
  • PDA authority management
  • Upgradeability vs immutability
  • Access control & permissions
• Review program logic before and during development
• Work closely with Rust engineers on secure implementation
4. Key Management & Access Control
• Design secure systems for:
  • Multisig (e.g., Squads)
  • Treasury management
  • Admin privileges
• Define hot vs cold wallet policies
• Ensure secure handling of signing flows and relayers
5. Infrastructure & Backend Security
• Architect security for:
  • APIs (rate limiting, auth, abuse prevention)
  • AWS/cloud environments
  • RPC integrations (Helius, Triton, etc.)
• Define best practices for:
  • Secrets management
  • Database security
  • CI/CD pipelines
6. Economic & Protocol Security (Critical)
• Identify and mitigate:
  • MEV / front-running risks
  • Liquidity manipulation
  • Wash trading / incentive abuse
  • Oracle manipulation
• Work with product team to ensure incentives are attack-resistant
7. Audit & External Security Management
• Lead coordination with external security firms
• Review audit reports and ensure proper fixes
• Validate remediation before deployment
8. Security Standards & Internal Framework
• Develop and maintain:
  • Kind Security Standard (KSS)
• Create reusable security frameworks across:
  • KindSwap
  • Wallet
  • Prediction markets
  • APIs
9. Incident Preparedness
• Design:
  • Emergency controls (pause, circuit breakers)
  • Incident response processes
• Define monitoring and alerting strategy
Required Experience
Must Have (Non-Negotiable)
• 3-8+ years in security architecture / application security / DevSecOps
• Experience with Web3 / blockchain security (Solana or Ethereum)
• Strong understanding of:
  • Smart contract vulnerabilities
  • Key management systems
  • API and backend security
• Experience in threat modeling and system design
Strongly Preferred
• Experience with Solana (Rust, Anchor, PDAs)
• Worked on:
  • DeFi protocols
  • DEX / AMM / aggregators
  • Trading or financial systems