Senior Security Engineer (GRC)

At Offchain Labs, we aren’t just building products: we’re leading a movement. 

As pioneers in blockchain scalability and security, we're at the forefront of transforming how the world interacts with decentralized applications. We're laying the foundation that will define the next generation of digital commerce, governance, and human interaction. This involves tackling real-world challenges that come with scaling blockchain technology, without compromising on its core principles: decentralization, security and transparency. 

At the center of this vision is our people. Our team is made up of thinkers and doers that embrace new challenges and seek solutions that push existing boundaries. If you’re energized by solving unprecedented problems, and believe in the role that decentralized systems will play in creating a more equitable digital future, then we want to hear from you. 

Why Offchain Labs?

Offchain Labs is setting the pace for the entire Ethereum ecosystem. We built the Arbitrum stack that powers Arbitrum One, the most widely adopted Ethereum scaling solution that exists today.

Arbitrum’s ecosystem is undergoing tremendous growth with hundreds of projects and dApps on Arbitrum One today. Over 100 different teams have used Offchain Labs technology to build their own Arbitrum chains. Major players in the space, Robinhood, BlackRock, Ethena Labs, Securitize, Aave, and Apechain are all using the Arbitrum stack.

Arbitrum’s thriving ecosystem wouldn’t exist without our advanced technology stack. Arbitrum, Prysm, ZeroDev. These aren’t just product names. These are tools that are actively reshaping what's possible on Ethereum and advancing its core infrastructure.

To top it all off? We’re backed by $124 million in funding. We’ve demonstrated consistent execution with billions in secured value, thousands of supported projects, and infrastructure processing millions of transactions seamlessly.

The Role

• As a Security Engineer (GRC) at Offchain Labs, you will play a key role in defining and improving our security posture through robust governance, clear policies, and effective risk management.

• You’ll collaborate across teams to ensure that our operations are secure, compliant, and aligned with regulatory and industry best practices - such as SOC2.

What you'll do:

• Develop and enforce security policies, standards, and procedures organization-wide.

• Ensure the company is audit-ready and responsive to any regulatory changes.

• Establish and clearly communicate data privacy and data-handling standards to internal teams as well as external partners and stakeholders.

• Track, document, and report on the status of security controls, ongoing audits, and all related compliance activities

• Play an active part in designing, launching, and continuously refining the company’s overall information security governance program.

• Work closely with security, engineering, infrastructure, and product teams to make sure controls fit both business objectives and technical realities.

• Promote security awareness and build a strong culture of shared risk responsibility through focused training and straightforward communication.

• Support both internal and external audits by coordinating evidence gathering, preparing materials, and ensuring findings are addressed quickly and thoroughly.

What you'll need:

• 5+ years of experience in a security engineering, governance, or risk management role.
• Solid understanding of AWS or other cloud vendors.
• Strong understanding of core information security concepts and major regulatory frameworks/standards (e.g. SOC2, ISO 27001, NIST CSF)
• Hands-on experience with standard risk assessment approaches and supporting tools.
• Direct experience drafting and updating security policies.
• Ability to translate complex regulatory and technical obligations into straightforward, actionable internal processes
• Strong communication skills that work well with both technical and non-technical audiences
• Excellent written and verbal communication skills, with the ability to present complex technical details as clear, risk-focused recommendations

Perks:

• Remote-first global workforce + NY office
• Annual company offsite + team onsites
• Professional reimbursement program (facilitates industry conference attendance, certifications, and more)
• Medical, dental & vision coverage (US + some other countries)
• 401k retirement plan + company match (US only)
• Wellness stipend
• Home office set up / ergonomic equipment program

Attention Offchain Labs Job Seekers:

This role cannot be performed in California, or Colorado.

Please be advised that there has been a rise in fraudulent recruiter activities, particularly within the Web3 space. If you would like to confirm whether someone is an OCL employee or the legitimacy of an offer you received, please email jobs@offchainlabs.com

At Offchain Labs, we are committed to building a welcoming and supportive workplace for all employees, regardless of their background or identity. We strive to create an environment where everyone feels valued and has an equal opportunity to succeed and thrive. We encourage candidates from all walks of life to apply and join our team.