Director, Ecosystem Product Security

Join Stellar Development Foundation as a Director of Ecosystem Product Security to lead security strategy across the Stellar ecosystem, focusing on reducing security risks and financial loss.

The Stellar Development Foundation (SDF) is a non-profit organization focused on working with and supporting change-makers to create equitable access to the global financial system through blockchain technology.

SDF provides grants, investments, funding, and other awards to builders and organizations.

SDF also develops resources and tooling on the Stellar network to help unlock real world utility.

## What you'll do

• •Define and lead the Foundation’s security strategy across both the Stellar ecosystem and Foundation-owned systems.
• •Raise the practical security baseline for key ecosystem participants, including wallets, infrastructure providers, custodians, issuers, and validators.
• •Publish actionable guidance, reference patterns, and security expectations that drive real adoption across the ecosystem.
• •Build coordination mechanisms for shared risks, incident response, and cross-ecosystem security improvement.
• •Own security outcomes for Foundation-developed software, Foundation-operated infrastructure, and treasury/custody-related responsibilities.
• •Partner with Engineering, Finance, Legal, IT, and Corporate Security to drive implementation of security controls and secure operating practices.
• •Lead secure development efforts across architecture, threat modeling, vulnerability management, bug bounty programs, and product incident response.
• •Build and lead a high-performing security team, while translating strategy into execution plans and measurable outcomes.
• •Represent the Foundation externally as a credible technical leader and convener on ecosystem security.

## Conditions

• •Competitive health, dental & vision coverage with most plans covered at 100% for the employee + any dependents.
• •Flexible time off + 15 company holidays including a company-wide holiday break.
• •Up to 12 weeks of paid parental leave for both non-birthing and birthing parents, as well as up to 14 weeks of paid pregnancy leave for birthing parents.
• •Gym reimbursement ($80 per month).
• •Life & ADD (up to $50K).
• •Short & Long term disability.
• •401K with 4% match.
• •Health & Dependent Care FSA Accounts.
• •Commuter benefits with $250/month employer contribution.
• •Health Savings Account (HSA) with monthly employer contribution.
• •Family building benefits through Kindbody.
• •Wellbeing benefits (One Medical, Rightway, Headspace).
• •L&D budget of $1,500/year.
• •Daily lunch and snacks in office.
• •Company retreats.

• •10+ years of experience in security, including significant experience in senior leadership roles.
• •5+ years leading security programs, teams, or functions with meaningful scope.
• •A track record of owning security outcomes for complex, high-consequence systems in production.
• •Deep experience in product and application security, with hands-on judgment in real-world environments.
• •Strong familiarity with blockchain and decentralized system security.
• •The ability to assess and prioritize risk across areas such as protocol design, smart contracts, wallets, validators, dependencies, and governance mechanisms.
• •Experience driving security improvements across multiple teams, organizations, or ecosystem participants, including in environments where you do not have direct authority.
• •Strong incident judgment, including experience handling high-severity incidents and disclosure processes.
• •A pragmatic approach to security, with the ability to make tradeoffs that reduce real-world risk rather than optimize for theoretical completeness.
• •Experience building, leading, and developing high-performing security teams.
• •The ability to set strategy, translate it into execution, and deliver measurable outcomes.
• •Clear communication skills and the credibility to work effectively with engineers, executives, and external ecosystem participants.
• •Experience operating in environments where security failures could lead to financial loss, operational disruption, or loss of trust.