Who you are

• 5+ years of experience in corporate/enterprise security, IT security, or endpoint security engineering
• Deep hands-on expertise with:
• MDM platforms: JAMF, Kandji, Intune, or similar for macOS/iOS fleet management
• EDR/XDR solutions: CrowdStrike, SentinelOne, Microsoft Defender, or similar
• Identity & Access Management: Okta, Azure AD/Entra ID, or similar SSO/IAM platforms
• Authentication protocols: SAML, OAuth, OIDC, SCIM
• Zero Trust architecture: Device trust, conditional access, identity verification, and least-privilege access models
• Strong scripting/automation skills: Python, Go, Bash for security automation and tooling
• Cloud security knowledge: Hands-on experience with AWS, GCP, or Azure
• MacOS security expertise: Deep understanding of macOS security architecture, hardening, and management
• Proven ability to independently manage projects, navigate ambiguity, and drive initiatives to completion
• Collaboration skills: Ability to work cross-functionally, influence without authority, and translate security requirements for non-technical stakeholders
• Security-first mindset with practical knowledge of zero-trust principles, defense-in-depth, and risk-based security
• Crypto/Web3 or fintech experience: Prior work at crypto exchanges, wallets, DeFi protocols, or fintech startups
• Detection engineering background: Experience with SIEM, log analysis, threat hunting, or SOC operations
• Modern threat landscape knowledge: Understanding of adversary tactics, techniques, and procedures (TTPs) including social engineering, phishing, and insider threats
• Security compliance experience: Familiarity with SOC 2, ISO 27001, or similar frameworks
• BYOD security models: Experience securing contractor and vendor access in distributed environments

What the job involves

• We're seeking a Senior/Staff Security Engineer to own and scale the security of Phantom's corporate infrastructure
• This is a foundational role—you'll be our first dedicated corporate security hire, working directly with the Head of Security to build enterprise security capabilities from the ground up
• You'll protect our distributed workforce, secure our corporate systems, and enable our team to move fast without compromising safety
• This role sits at the intersection of security engineering, IT operations, and risk management, where you'll build security controls that are both robust and user-friendly
• Design, implement, and manage security for all corporate endpoints across our fully distributed workforce
• Deploy and operate our security stack including MD, EDR/XDR, ZTNA and SSO
• Implement zero-trust architecture principles including device trust, conditional access, and least-privilege controls
• Enforce security baselines, hardening standards, and compliance policies across all corporate systems
• Build and maintain secure authentication systems and identity management workflows
• Lead security initiatives for endpoint hardening, access controls, and corporate infrastructure protection
• Conduct security design reviews and risk assessments for new services, tools, and integrations
• Perform vulnerability assessments and drive remediation efforts across corporate systems
• Partner with IT and cross-functional teams to balance security requirements with business velocity
• Develop and enforce IT security policies, standards, and procedures aligned with industry best practices
• Respond to security incidents and events impacting corporate systems with urgency and technical depth
• Collaborate with the Detection & Response team to build detection rules, alerts, and monitoring for corporate infrastructure threats
• Automate security workflows using Python, Go, or similar languages to reduce manual toil
• Create runbooks and playbooks for common security scenarios
• Leverage security tooling and automation to scale security operations efficiently
• Evangelize security best practices through education, training, and internal communications
• Build security awareness programs that empower employees to make secure decisions
• Partner with engineering teams to embed "secure by default" principles into development workflows
• Serve as a trusted security advisor across the organization
• What Makes You Successful Here:
• Ownership mentality: You don't wait to be told what to do. You identify problems, propose solutions, and execute with autonomy
• Extreme urgency: Crypto moves fast. You thrive in high-velocity environments and can ship quickly without sacrificing quality
• Builder's mindset: You see security as an enabler, not a blocker. You build elegant solutions that protect without creating friction
• Technical depth: You can dive deep into complex problems, debug issues across the stack, and architect scalable solutions
• Pragmatic security: You balance security best practices with business needs and user experience. Perfect security doesn't exist—effective security does
• Growth mindset: You embrace new technologies (including AI), stay current with evolving threats, and constantly expand your skill set
• Strong communication: You can explain security concepts to engineers and executives alike, and you document your work clearly

Benefits

• Comprehensive insurance (medical/dental/vision) — 100% covered
• Stipend for your ideal remote / WFH set-up: laptop, headphones, and any other work gear you may need
• Flexible hours and a long-standing, supportive remote environment
• Unlimited vacation: Take time when you need it (and we really mean it!)
• 401(k) retirement plan
• Wellness benefit
• Daily lunch benefit