Head of Security

NEAR is one of the most active ecosystems in crypto, spanning a Layer-1 protocol, a leading cross-chain intents and settlement layer (NEAR Intents), a consumer-facing financial app (near.com), and a rapidly growing AI stack & agent framework (Ironclaw). It also sits at a turning point on security. Recent industry incidents, the acceleration of AI-enabled attacks, and the emergence of institutional counterparties now requiring a named security owner have made it clear: the ecosystem needs a senior, credible operator to own this function end-to-end.

This is that role. You will be Head of Security, with primary ownership of Defuse Labs (NEAR Intents) and NEAR One — the two entities carrying the highest operational risk — and extending coverage to the NEAR Foundation and NEAR AI in partnership with their leadership. A formal Security Committee provides oversight and governance; you provide execution.

What you'll own

Your objective is to pragmatically manage hard security risks across companies operating complex financial instruments in adversarial cross-chain environments. We care about real practical security first and foremost, not paper-based certifications.

You will be protecting against state actors, insider threats, and countless numbers of LLM agents. The scope includes every single chain we integrate. Think defence in depth, but the depth must cover things like 13-block reorgs of Litecoin or margin trading engine exploits in a partner protocol.

End-to-end security postureDefine and operate security across NEAR Intents and NEAR One — including identity, cloud (AWS/GCP), endpoints, application security, and SecOps — within a crypto-native model where smart contract risk, on-chain monitoring, key management, and validator/infrastructure security are first-class concerns.

Smart contract and protocol securityEstablish security standards, audit strategy, and release gating for production deployments. Own how code moves from development to mainnet.

Incident responseLead ecosystem-wide response across both traditional infrastructure and on-chain events — preparation, detection, containment, and recovery. When incidents happen, you are the point of coordination and decision-making.

Key management and asset securityDesign and oversee key management architecture across protocol, treasury, and operational environments, including MPC, custody models, and access controls.

Offensive securityDefine and run a continuous testing strategy — internal security testing, external audits, red teaming, and bug bounty programs.

Team and toolingBuild a lean, high-leverage security function from the ground up. Decide where commercial tooling is required and where open-source or in-house approaches are more effective.

Governance and external engagementServe as a voting member of the NEAR Security Committee. Act as the primary security counterpart for institutional partners, auditors, and regulators. Work closely with Legal on disclosures, regulatory matters, and enforcement coordination. Collaborate with external advisors, including SVRN.

AI and emerging surfacesEstablish security practices for AI and agent-based systems, including model integrity, prompt injection risks, and agent execution boundaries.

Who you are

• A proven security leader from an environment where getting it wrong was not an option — a major on-chain protocol, a top-tier exchange or custodian, critical infrastructure, or a peer ecosystem operating at serious scale. You've built programs, not just maintained them.
• Deeply technical. You can read a Terraform module, challenge a threat model, and set budget priorities in the same afternoon — and you're comfortable arguing with engineers on the merits.
• Think from first principles. You understand how ROI on an audit is calculated and how much of the cost is attributable to the auditing company brand alone. You understand what formal verification is, what risks it protects against and how and why it fails.
• You are excellent at system design. You understand how to isolate risks and limit blast radius. You’ve designed circuit breakers before. You understand how to divide and conquer projects quickly where getting results would normally take years.
• Fluent in crypto risk, or demonstrably capable of becoming so quickly. Smart contracts, on-chain forensics, MPC, key management, and validator security are core to this role. If you treat crypto as "just another vertical," this isn't the right fit. You know what https://rekt.news/ is and you know the most common hacks of the lending protocols.
• Clear authority, used well. You have a direct mandate from the Security Committee and real authority over security for the entities in your remit. You know when to enforce and when to persuade — and you're not afraid of either.
• Composed in public. Incident disclosures, partner calls, committee and board reporting — this role lives in the open.