Senior Infrastructure Security Engineer

Senior Infrastructure Security Engineer

Matter Labs

At Matter Labs, we believe freedom drives progress and prosperity. Our mission is to advance freedom for all — through mass adoption of crypto. To make that real, we’re building ZKsync, a verifiable blockchain network secured by zero‑knowledge proofs. Backed by over $250 million in funding from some of the world’s smartest investors, we move fast, ship often, and judge ourselves by the results we create.

More than 20 teams already run or are building custom ZKsync chains on our network, from crypto leaders like , Abstract, and Lens, to global brands such as Deutsche Bank and Xsolla.

Join Matter Labs as a Senior Security Engineer (Infrastructure) and play a critical role in securing the infrastructure that powers zkSync. You’ll work across cloud, application, and systems layers to build and maintain robust defenses. Partnering closely with Dev Ops, engineering, and protocol security to embed security into everything we ship. This role is ideal for someone who thrives in high‑impact environments, enjoys solving complex technical challenges, and is motivated by the mission of protecting open‑source and decentralized infrastructure.

• Infrastructure & Cloud Security:
  Design and implement secure infrastructure; including hardening cloud environments, containers, and CI/CD pipelines.
• Detection & Response Readiness:
  Help build detection and monitoring systems (e.g., SIEM, alerting pipelines) to ensure early threat detection and effective incident response.
• Secure Systems Design:
  Collaborate with engineers and Dev Ops to identify security risks in architecture reviews, system upgrades, and deployment plans.
• Infrastructure as Code (IaC):
  Contribute to the design and review of Terraform, Ansible, or similar IaC, ensuring security is embedded from the ground up.
• Security Reviews & Remediation:
  Participate in threat modeling, internal audits, and hands‑on vulnerability remediation across our stack.
• Cross‑Team
  
  Collaboration:
  
  Work closely with Protocol Security, Dev Ops, and Product Engineering to align on shared security goals and ensure coverage across the full lifecycle.
• Optional:
  On‑chain Infra Anomaly Detection:
  Help implement tools to detect unusual infrastructure‑level activity from on‑chain signals (e.g., misuse of credentials or suspicious deployment patterns).

• Strong Infrastructure Security Background:
  Hands‑on experience securing cloud‑native environments (e.g., AWS, GCP), Kubernetes, CI/CD pipelines, and internal systems.
• Deep Technical Fluency:
  Practical knowledge of threat modeling, incident response, vulnerability management, and systems architecture.
• IaC & Dev Sec Ops  Mindset:
  Familiarity with Infrastructure as Code (Terraform, etc.), secrets management, and security automation tooling.
• Bias for Action: A self‑starter who’s comfortable with ambiguity and can drive security work through delivery — not just assessment.
• Collaborative Communicator:
  Able to partner across teams, raise risks constructively, and translate complex security concepts to technical and non‑technical stakeholders.
• Web3 Awareness (Nice to Have):
  Familiarity with the security considerations of decentralized infrastructure and open‑source ecosystems. Bonus for knowledge of Ethereum, Solidity, or ZK‑related tech.

• Remote‑first: work wherever you’re most effective; optional travel to team or industry events. Ideally East Coast or European time zone.
• Freedom & ownership culture: no time tracking, minimum bureaucracy—only results matter.

• Competitive compensation, equity, and token package
• Premium health, dental, and vision coverage
• 16 weeks paid parental leave
• Flexible paid time off plus company‑wide closure weeks
• $2 000 equipment stipend & $300 monthly co‑working allowance

See full benefits

For more on how we work, check out our Team Handbook.