Head of Security

Head of Security

Ethena Labs is at the forefront of the next wave of DeFi, dedicated to building products for modern finance. Ethena is a synthetic dollar protocol built on Ethereum that provides a crypto-native solution for money, USDe, alongside a globally accessible dollar savings asset, sUSDe.

Our core mission is to provide truly crypto-native financial solutions that are globally accessible and bridge the gap between Trad Fi and the digital asset economy. We believe in transparency, efficiency, and empowering both individuals and institutions with greater control over their assets.

As the Head of Security, you will lead and own the comprehensive security strategy for our Ethena. You will be functionally accountable for all aspects of security, ensuring the protection of our assets, infrastructure, data, personnel, and facilities. This includes cybersecurity, blockchain security, physical security, and operational security. This is a pivotal opportunity to build a security-first culture in a fast-paced, high-stakes environment where DeFi innovations meet real-world risks.

You will collaborate closely with Product Engineering, DeFi Engineering, Security Engineering, Dev Ops and non-engineering teams to embed security into every facet of our operations, from smart contract development to physical site protections. By driving compliance, incident response, and proactive threat mitigation, you'll safeguard our users' funds, maintain regulatory alignment, and position the company for scalable growth in the evolving crypto landscape.

• Develop and execute a holistic security strategy encompassing cybersecurity, blockchain security, physical security, and operational security, aligning with industry standards (e.g., NIST, ISO 27001) and DeFi-specific risks.
• Oversee blockchain and smart contract security, including audits, formal verification, secure key management, and protections against exploits like reentrancy or flash loan attacks.
• Build and enforce a robust cybersecurity framework, including threat detection systems (e.g., SIEM, IDS / IPS), secure Dev Ops practices, penetration testing, and vulnerability assessments.
• Manage physical security operations, including access controls, surveillance, executive protection programs, travel risk assessments, and site audits for offices, data centers, events, and key personnel residences.
• Drive compliance and regulatory alignment, achieving milestones such as SOC 2 and ISO 270001; prepare for audits and liaise with regulators.
• Establish incident response and crisis management plans, conducting simulations, drills, and rapid recovery for cyber, physical, or hybrid threats to minimize downtime and losses.
• Foster a security-first culture through training, workshops, and integration of security-by-design principles across all teams.
• Lead and scale the security team, hiring and mentoring Senior / Staff Security Engineers (and potentially physical security specialists), while overseeing the Security Engineering team.
• Implement real-time monitoring, threat intelligence, and performance metrics for digital and physical assets.
• Manage security budgets, vendor relationships, and resources to optimize effectiveness.
• Future-proof security for growth, anticipating emerging threats in DeFi and adapting systems for new products, integrations, and expanded operations.

• 10+ years of progressive experience in security leadership roles, with demonstrated expertise in cybersecurity, physical security, and risk management, preferably in fintech, crypto, or high-tech environments.
• Proven track record in developing and implementing comprehensive security strategies, including blockchain / DeFi security (e.g., smart contract auditing, cryptographic protocols) and physical protections (e.g., executive security, facility assessments).
• Strong leadership skills with experience building and mentoring high-performing teams, including oversight of engineers and coordination with cross-functional stakeholders.
• Expertise in incident response, crisis management, threat intelligence, and compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, AML / KYC);…