Location: Midtown, New York, NY (In-person Mon–Thurs, with Optional Remote Fridays )

Team: Engineering – Security & Infrastructure

Company Description
At Fun.xyz, we believe a tokenized future is a beneficial inevitability, granting financial emancipation to everyone with an internet connection. For a blockchain-first global economy to exist, value exchange must become intuitive, secure, and seamless.

Enter Checkout - the highest converting payment solution in web3. By integrating Checkout, dApps enable users to complete any on-chain action using crypto from a wallet, centralized exchange, or on-ramped fiat from a card or bank account. With access to market-leading routing and their asset portfolio at the point of sale, users are faster, stickier, and more engaged. For dApps, Checkout scales their user acquisition potential without launching new chains or integrating multiple third party providers.

We built Checkout because we envision a world where anyone, anywhere, can purchase anything with any asset. If that sounds like a vision you can get behind, we want to hear from you.

About The Role
We are seeking a passionate and highly skilled Security Engineer — across Mid and Senior levels — to join our world-class engineering team at Fun.xyz in our New York City Office. In this role, you will take ownership of protecting our infrastructure, applications, and customer assets across both web2 and web3 surfaces.

As a Security Engineer, you will work at the intersection of product, infrastructure, and blockchain security to protect user funds, secure sensitive data, and design systems that hold up under adversarial conditions. You will embed security practices into every layer of our engineering and operations stack — from smart contract audits and secure key management to cloud security and threat modeling.You’ll play a key role in helping Fun.xyz deliver secure and seamless crypto payments at scale, while staying ahead of emerging threats in a rapidly evolving ecosystem.

What You'll Do

• Design and implement secure-by-default systems across backend, protocol, and infrastructure stacks
• Build and maintain secure key management systems, custody workflows, and cryptographic operations
• Conduct and coordinate smart contract audits, threat modeling, and security reviews across all services
• Lead vulnerability management efforts, including monitoring, triage, patching, and disclosure
• Collaborate with DevOps and protocol teams to ensure cloud and infrastructure hardening
• Define and enforce identity and access management (IAM) policies across tools and platforms
• Develop tools for security automation, detection, and incident response
• Participate in company-wide security education, awareness, and best practices training
• Own and improve our incident response plan, performing simulations and postmortems
• Stay current with the latest attack vectors, exploits, and defenses in both web2 and blockchain contexts
  
  
  
  

Required Skills And Qualifications

• Bachelor’s in Computer Science, Cybersecurity, or related field with 4+ years of relevant experience
• Proven experience as a Security Engineer, Application Security Engineer, or Infrastructure Security Engineer
• Familiarity with web application security, OWASP Top 10, and involvement in achieving security certificates to ensure secure development best practices
• Experience with cloud security (AWS, GCP, or Azure), including IAM, VPCs, encryption, and networking
• Deep knowledge of cryptographic principles, secure key storage, and secrets management tools (e.g., HashiCorp Vault)
• Experience working with DevSecOps pipelines, security tooling, and continuous monitoring
• Proficiency in at least one programming or scripting language (Python, Go, JavaScript, etc.)
• Excellent communication skills, with the ability to educate and influence across technical teams and strong written skills, with the ability to communicate and express technical acumen and knowledge in documentation
• Strong analytical mindset and attention to detail — particularly in threat modeling and exploit mitigation
  
  
  
  

Desired Qualities

• Experience with web3 security, including smart contract audits, blockchain transaction safety, and on-chain attack vectors
• Familiarity with EVM-based ecosystems, Solidity vulnerabilities, or DeFi security patterns
• Knowledge of payments systems, PCI DSS standards, or financial regulatory requirements
• Exposure to formal verification, fuzzing tools, or on-chain anomaly detection systems
• A track record of handling real-world incidents or contributing to public vulnerability disclosures
• Hunger to operate in a fast-paced, high-trust startup where security is the highest priority
  
  
  
  

What Sets You Apart

• You see security as a product advantage, not just a checklist
• You’ve contributed to open-source security tools or protocols
• You’ve identified or mitigated novel vulnerabilities in production environments
• You are relentless about reducing risk while empowering teams to move fast
• You balance precision with pragmatism and always plan for the unexpected
  
  
  
  

Why Join Us

• Shape the security foundations of a platform at the cutting edge of crypto payments and financial inclusion
• Solve hard security problems in environments where trust, scale, and adversaries all coexist
• Join a company where security is built-in, not bolted on — and where your work truly matters
• Be part of a team that moves fast, thinks deep, and ships global-scale impact every day
• Help define the future of safe, borderless value exchange for millions of users
  
  
  
  

Location and Work Environment

This role is primarily in-person at our headquarters in Midtown, New York, NY. We collaborate together in-office Monday through Thursday, with optionally remote Fridays.