Job Description

Key Responsibilities:

You will join the GRVT Site Reliability Engineering (SRE) team, which operates across three tightly integrated verticals:

DevSecOps (cloud infrastructure, incident response, platform stability) Test Engineering (end-to-end testing, regression pipelines, feature assurance) Security Engineering (penetration testing, security advisory, security governance).

The organization has the mandate of ensuring the end-to-end reliability of the GRVT platform, protecting our product's reliability, correctness, and security.


This role is positioned within the Security vertical but works cross-functionally with the entire organization.

Lead technical assurance activities across projects, including penetration testing, purple teaming, threat modeling, and architecture reviews--ensuring both new and existing systems maintain a high security baseline. Serve as the primary security expert within the SRE team, collaborating closely with Ops and QA Engineers and Wider Teams to design practical, high-impact controls that enhance platform security without compromising delivery velocity. Build automation and internal tooling for security visibility, posture monitoring, and enforcement (e.g., secret scanning, anomaly detection, automated test harnesses). Monitor, triage, and lead response efforts for security incidents, coordinating across SRE, and wider engineering teams. Establish and maintain security policies and controls aligned with both engineering best practices and regulatory obligations Educate and empower developers and engineers with actionable guidance, secure coding practices, and feedback cycles--reducing the likelihood of vulnerabilities during development.

Experience & Skills Requirements:

Strong Information Security (InfoSec) background (5 years+), with proven experience in application security across both traditional web stacks and blockchain-based systems. Expert knowledge of web application security, including deep familiarity with the OWASP Top 10, to assess and defend GRVT's off-chain services against common web-based threats. Python proficiency - Experience building security engineering tools such as automated API security testers, custom static analyzers, or CI/CD-integrated scanners for secrets, misconfigurations, and insecure patterns. Proficiency in security testing tools, such as SAST (e.g., SonarQube, Checkmarx, GoSec), DAST (e.g., OWASP ZAP, Burp Suite). Demonstrated ability to quickly understand and analyze unfamiliar codebases, enabling effective secure code review across diverse systems--including web services, infrastructure components, and smart contracts. Experience conducting threat modelling exercises, or a strong grasp of threat modeling methodologies to evaluate project risk at the design and implementation levels. Smart contract auditing experience, with familiarity in identifying common vulnerabilities in decentralized applications and blockchain systems. Bug bounty programs experience, either as a seasoned researcher or by managing an organization's program. Experience with Cloud infrastructure (e.g., AWS, GCP). Understanding of container security and DevSecOps principles, with practical experience integrating security into CI/CD pipelines.

Bonus Points:

Familiarity with IT security frameworks such as SOC 2 and ISO 27001, and how to align technical controls to compliance objectives. * Holds or actively pursues professional certifications such as

OSCP, OSWE, CISSP, CDP, or CTMP.