Senior Infrastructure Security Engineer

About Matter LabsMatter Labs builds private settlement infrastructure that lets regulated institutions settle directly with each other without exposing data, ceding control, or waiting days. Global finance moves $4 quadrillion a year on systems designed for paper and telex. The institutions that built them - from DTCC to NYSE to the world's largest banks are now actively replacing them. We're building what comes next.Our core product, Prividium, gives each institution its own private settlement environment (a Prividium Zone) with independent governance and built-in interoperability across counterparties, asset classes, and jurisdictions. Settlement happens through zero-knowledge proofs: one party proves a transaction is valid without revealing any underlying data to the counterparty. The only private settlement infrastructure built on zero-knowledge cryptography.Founded in 2018. Backed by a16z and Union Square Ventures. A fully remote team of around 90 with eight years of production zero-knowledge infrastructure behind us, now pointed at the biggest problem in institutional finance.About the roleJoin Matter Labs as a Senior Infrastructure Security Engineer and help secure the corporate and production infrastructure that powers ZKsync. You'll own defenses across identity, endpoint, and detection-and-response. You'll partner closely with IT Ops, DevOps, Protocol Security, and Engineering to make security a default property of how we operate, not a checkpoint.This role is ideal for someone who enjoys building durable detections instead of triaging noise, and is motivated by the mission of protecting open-source, decentralized infrastructure.Matter Labs runs a deliberately lean, high-leverage security organization. You won't be one of fifty detection engineers. You'll own the corporate detection-and-response stack and have a direct line to the people building ZKsync. The work matters: this infrastructure protects an open-source ecosystem, the team behind it, and a meaningful chunk of value moving on Ethereum L2.Key Responsibilities Identity & Collaboration Security Own the security configuration of our identity and collaboration stack: identity and access policies, third-party app governance, DLP, context-aware access, and admin audit. Drive least-privilege and phishing-resistant MFA across the org. Detection & Response Build, tune, and maintain detections. Design response playbooks for high-signal alerts, onboard new log sources, and own the detection-as-code pipeline. Reduce mean-time-to-detect and mean-time-to-respond on real incidents. Cloud & Infrastructure Security Harden our cloud footprint, Kubernetes clusters, and CI/CD pipelines. Review Infrastructure as Code for security regressions, embed guardrails, and partner with DevOps on secrets management and supply-chain controls. Endpoint Security Own the security posture of the endpoint estate, including MDM configuration, baseline hardening, EDR tuning, and endpoint telemetry. Make sure the controls hold up without making engineers' machines miserable to use. Incident Response Lead and participate in security incident investigations end-to-end: containment, forensics, root cause, remediation, and post-mortem. Improve runbooks and detections after every incident. Secure Systems Design Run threat models and architecture reviews for new internal systems and infrastructure changes. Translate findings into concrete, prioritized work, not lists of concerns. Cross-Team Collaboration Work alongside Protocol Security, DevOps, IT Ops, and Product Engineering. Raise risks constructively, write clearly, and influence without owning every system. What We're Looking ForMust Have 5+ years of hands-on infrastructure or detection-and-response security experience. Production experience securing a cloud-based identity and collaboration platform at scale, beyond default settings. You can speak to specific policies you've implemented, third-party app governance you've run, and inc...