Security Analyst

Aptos Foundation is seeking a Security Analyst to help operate and scale security across the organization. Reporting to the Security Lead, this role will support core security workflows spanning phishing response, bug bounty operations, access governance, and operational security hygiene. This is a hands-on, cross-functional role offering broad exposure across security operations, access governance, and threat response—ideal for someone looking to develop a wide view of security in a fast-moving organization.

Responsibilities

• Respond to and triage alerts relating to phishing attacks, impersonation, scams, and brand abuse (e.g. Sublime, Doppel), escalating credible threats where appropriate.
• Coordinate day-to-day operation of the bug bounty program, including communication with researchers, issue tracking, reporting, and internal follow-up.
• Conduct user access reviews and review security settings, access configurations, and administrative controls across business systems, SaaS platforms, and internal infrastructure, tracking remediation where required.
• Support recurring operational security workflows, including documentation, process tracking, and follow-up.

Requirements

• 2+ years of experience in a security-focused role, such as security operations, IAM, application security support, operational security, or a similar domain.
• Familiarity with core security concepts including phishing, authentication, access control, least privilege, and common vulnerability classes.
• Ability to manage multiple concurrent workflows with strong attention to detail and reliable follow-through.
• Clear written communication and confidence coordinating across technical and non-technical stakeholders.
• Self-motivated, organized, and comfortable operating independently in a remote-first environment with minimal supervision.

Nice to Have

• Experience automating operational workflows using LLMs or AI tooling (e.g. Claude).
• Familiarity with common web application vulnerabilities (e.g. OWASP Top 10).
• Exposure to vulnerability disclosure / bug bounty workflows.
• Experience with SaaS administration, access reviews, or IAM processes.
• Experience in web3 environments or familiarity with common web3 threat patterns.

 

The base salary range for this full-time position is $120k - $180k. The range displayed on each job posting reflects the minimum and typical maximum target for new hire salaries for the position of a candidate based in the Bay Area at any level. We do hire exceptionally talented professionals with decades of experience in their field. As such, our range may be higher than what is displayed. Our base salary ranges are determined by experience and location, and we hire at all levels for multiple roles. Within the range, individual pay is determined by work location, job-related skills demonstrated during the interviews, working experience, and relevant education or training. Please note that the compensation details listed in role postings reflect the base salary only and do not include equity, tokens, or benefits. 

#LI-PG1