All roles

Open role

Senior Infrastructure Security Engineer

Remote · United Kingdom Full-time

About Matter Labs Matter Labs builds private settlement infrastructure that lets regulated institutions settle directly with each other without exposing data, ceding control, or waiting days. Global finance moves $4 quadrillion a year on systems designed for paper and telex. The institutions that built them - from DTCC to NYSE to the world's largest banks are now actively replacing them. We're building what comes next. Our core product, Prividium, gives each institution its own private settlement environment (a Prividium Zone) with independent governance and built-in interoperability across counterparties, asset classes, and jurisdictions. Settlement happens through zero-knowledge proofs: one party proves a transaction is valid without revealing any underlying data to the counterparty. The only private settlement infrastructure built on zero-knowledge cryptography. Founded in 2018. Backed by a16z and Union Square Ventures. A fully remote team of around 90 with eight years of production zero-knowledge infrastructure behind us, now pointed at the biggest problem in institutional finance. About the role Join Matter Labs as a Senior Infrastructure Security Engineer and help secure the corporate and production infrastructure that powers ZKsync. You'll own defenses across identity, endpoint, and detection-and-response. You'll partner closely with IT Ops, DevOps, Protocol Security, and Engineering to make security a default property of how we operate, not a checkpoint. This role is ideal for someone who enjoys building durable detections instead of triaging noise, and is motivated by the mission of protecting open-source, decentralized infrastructure. Matter Labs runs a deliberately lean, high-leverage security organization. You won't be one of fifty detection engineers. You'll own the corporate detection-and-response stack and have a direct line to the people building ZKsync. The work matters: this infrastructure protects an open-source ecosystem, the team behind it, and a meaningful chunk of value moving on Ethereum L2.

Key Responsibilities

Identity & Collaboration Security Own the security configuration of our identity and collaboration stack: identity and access policies, third-party app governance, DLP, context-aware access, and admin audit. Drive least-privilege and phishing-resistant MFA across the org. Detection & Response Build, tune, and maintain detections. Design response playbooks for high-signal alerts, onboard new log sources, and own the detection-as-code pipeline. Reduce mean-time-to-detect and mean-time-to-respond on real incidents. Cloud & Infrastructure Security Harden our cloud footprint, Kubernetes clusters, and CI/CD pipelines. Review Infrastructure as Code for security regressions, embed guardrails, and partner with DevOps on secrets management and supply-chain controls. Endpoint Security Own the security posture of the endpoint estate, including MDM configuration, baseline hardening, EDR tuning, and endpoint telemetry. Make sure the controls hold up without making engineers' machines miserable to use. Incident Response Lead and participate in security incident investigations end-to-end: containment, forensics, root cause, remediation, and post-mortem. Improve runbooks and detections after every incident. Secure Systems Design Run threat models and architecture reviews for new internal systems and infrastructure changes. Translate findings into concrete, prioritized work, not lists of concerns. Cross-Team Collaboration Work alongside Protocol Security, DevOps, IT Ops, and Product Engineering. Raise risks constructively, write clearly, and influence without owning every system.

What We're Looking For

Must Have 5+ years of hands-on infrastructure or detection-and-response security experience. Production experience securing a cloud-based identity and collaboration platform at scale, beyond default settings. You can speak to specific policies you've implemented, third-party app governance you've run, and incidents you've worked. Hands-on experience with a modern SIEM and SOAR: writing detections, onboarding log sources, building response playbooks, and tuning to reduce false positives. Strong cloud security background, including IAM, network controls, workload identity, and organization-level guardrails. Practical experience securing a macOS-dominant endpoint fleet: MDM, endpoint hardening baselines, and EDR. Comfort reasoning about Mac-specific attack paths and telemetry. Familiarity with Infrastructure as Code, secrets management, and security automation. Real incident response experience. You've been on-call for security and led investigations to conclusion. Clear, constructive technical communication across engineering and non-engineering stakeholders.

Nice to Have

Blockchain / Web3 exposure. Familiarity with the security considerations of decentralized infrastructure, validator/sequencer operations, key management for on-chain systems, or hot/cold wallet ops. Bonus for Ethereum, Solidity, or ZK-related background. Compliance framework experience with SOC 2 and ISO 27001. Helped a security team build or maintain controls under one or both frameworks, including evidence collection, control design, working with auditors, and mapping technical safeguards to control criteria. Comfort translating compliance requirements into real engineering work, without letting compliance dictate the engineering. Kubernetes security (admission control, runtime detection, supply chain). Detection engineering as code: Git-based rule management, CI for detections, purple-team validation. Experience in lean security teams where you've owned a domain end-to-end rather than a narrow slice. Work model & pay Remote‑first: work wherever you’re most effective; optional travel to team or industry events. Ideally East Coast or European time zone. Freedom & ownership culture: no time tracking, minimum bureaucracy-only results matter. For more on how we work, check out our Team Handbook

More open positions

Senior Product Manager

Work from home Full-time role

Sr. Sales Enablement Manager

Work from home Full-time role

CUSTOMER SERVICE REPRESENTATIVE 4

Work from home Full-time role

Head of National Strategic Accounts

Work from home Full-time role

AI Engineer

Work from home Full-time role

Customer Support Lead – Bilingual Spanish

Work from home Full-time role

New York Commercial Title Examiner (Remote)

Work from home Full-time role

Director - Employee Rewards

Work from home Full-time role

Only W2 / 1099 Contract | Senior AI Data Engineer (Data Platforms, GenAI, RAG, Cloud) | Remote (PST Zone)

Work from home Full-time role

Senior Technical Proposal Writer (Contract: 2 to 4 months: Remote)

Work from home Full-time role

Part‑Time Remote Data Entry Associate – Flexible Home‑Based Role for High School Students

Work from home Full-time role

Senior Payroll Specialist - Remote

Work from home Full-time role

Learning Consultant + Math Teacher

Work from home Full-time role

Associate Test Engineer - Must Be in Salem Office 3 Days Per Week

Work from home Full-time role

Executive Director, Global Enablement - Field Readiness (Remote - US)

Work from home Full-time role

Itinerary Administrative Coordinator

Work from home Full-time role

Software Engineer, iOS Core Product - Lima, Peru

Work from home Full-time role

Clinical Trials Research Asst/Data Manager - Children's Oncology Group

Work from home Full-time role

Part-Time Remote Virtual Assistant & Data Entry Specialist – Precision, Organization, and Communication Excellence at careerzynith

Work from home Full-time role

Part time Web Developer / WordPress VA | Remote | PH Based | Working US Timezone

Work from home Full-time role

[Remote] Billing Supervisor - Healthcare

Work from home Full-time role