Director, Ecosystem Product Security
About the role
Since 2014, the mission-driven team at the Stellar Development Foundation (SDF) has helped fuel the tremendous growth of the Stellar blockchain network, an open-source platform that operates at high-scale today. Developers and companies around the world build on it, and the SDF team is expanding to support the rapidly growing and changing Stellar ecosystem. We're hiring a Director, Ecosystem & Product Security to lead security strategy across the Stellar ecosystem and directly own security outcomes for Foundation-developed systems, Foundation-operated infrastructure, and treasury-related security responsibilities.
Responsibilities
- Define and lead the Foundation’s security strategy across both the Stellar ecosystem and Foundation-owned systems
- Raise the practical security baseline for key ecosystem participants, including wallets, infrastructure providers, custodians, issuers, and validators
- Publish actionable guidance, reference patterns, and security expectations that drive real adoption across the ecosystem
- Build coordination mechanisms for shared risks, incident response, and cross-ecosystem security improvement
- Own security outcomes for Foundation-developed software, Foundation-operated infrastructure, and treasury / custody-related responsibilities
- Partner with Engineering, Finance, Legal, IT, and Corporate Security to drive implementation of security controls and secure operating practices
- Lead secure development efforts across architecture, threat modeling, vulnerability management, bug bounty programs, and product incident response
- Build and lead a high-performing security team, while translating strategy into execution plans and measurable outcomes
- Represent the Foundation externally as a credible technical leader and convener on ecosystem security
Requirements
10+ years of experience in security, including significant experience in senior leadership roles
5+ years leading security programs, teams, or functions with meaningful scope
Deep experience in product and application security, with hands-on judgment in real-world environments
Strong familiarity with blockchain and decentralized system security
The ability to assess and prioritize risk across areas such as protocol design, smart contracts, wallets, validators, dependencies, and governance mechanisms
Experience driving security improvements across multiple teams, organizations, or ecosystem participants, including in environments where you do not have direct authority
Strong incident judgment, including experience handling high-severity incidents and disclosure processes
A pragmatic approach to security, with the ability to make tradeoffs that reduce real-world risk rather than optimize for theoretical completeness
Experience building, leading, and developing high-performing security teams
The ability to set strategy, translate it into execution, and deliver measurable outcomes
Clear communication skills and the credibility to work effectively with engineers, executives, and external ecosystem participants
Experience operating in environments where security failures could lead to financial loss, operational disruption, or loss of trust
Qualifications
Experience with secure development frameworks such as NIST SSDF
Familiarity with Web3 security frameworks such as OWASP SCSVS or SEAL
Experience in financial infrastructure, payments, custody, or tokenized finance
Experience with large-scale platform or ecosystem security architecture
Experience in identity, trust, encryption, or internet-scale systems