This post is over 30 days old. The position may no longer be available

Security Engineer

Nomisma, Anywhere · Full-time employment · Programming

Company Summary


Nomisma is a startup firm that aims to decentralize finance; founded and run by a multifamily office business CIO / macro hedge fund manager / ex-Goldman Sachs senior partner, a young tech entrepreneur from HKUST, and two tenured, chaired Harvard professors.

We’re post Series A with an Alpha product, and on the cusp of dynamic, exponential growth.


Mission and Charge


We envision a world where everyone has access to transparent, trustless, robust financial infrastructure. Where accountability of financial institutions is in the hands of common citizens, globally, and this trustless foundation is intrinsic to the system.


We enable risk customization, interest, borrowing/lending, leverage, and the creation of safe assets for the cryptocurrency universe. Our protocol is based on peer-reviewed financial engineering, built on decentralized infrastructure where every step is transparent, trustless, and regulatory compliant. No margin calls. No counterparty risk. No liquidation. You never need to trust the system (or anyone in it) with ownership of your assets. We deeply believe this will create a new, more inclusive financial system worldwide, unlocking and delivering novel sources of value to all users.

About the position

Location: Hong Kong, Boston, remote – can supply visa to Hong Kong or Singapore


  • 10 years of experience in application security or related fields and risk analysis techniques
  • Expert knowledge of application security best practices including OWASP and CWE
  • Experience with Solidity, JavaScript, Python and tools like Truffle, Echidna, Manticore
  • Knowledge and experience creating automated fuzzing and symbolic execution tests for code
  • Security testing methodologies, tools and techniques: understanding of common application security vulnerabilities and the controls to remediate them
  • Hands-on experience: application security code reviews/penetration testing, cloud security/secure cloud computing
  • Solid understanding of network security, including network security procedures, security protocols, security devices, appliances and software
  • Expert understanding of common software and web application security vulnerabilities
  • Knowledge of crypto primitives, authentication protocols and authorization standards (e.g., SSL/TLS, SAML, OAuth, JWT tokens)
  • Experience in Cloud Security - AWS/Azure/Google Cloud/Oracle Cloud
  • Certification in CEH, CompTIA Security+, CISM, CISSP, or GSEC



  • Love working on challenging, ambitious projects with high-level, competent colleagues
  • Are a good Bayesian (i.e., regularly set aside time for reflection and seek opportunities to refine and update your world view)
  • You own what you do and enjoy explaining to anyone willing to listen
  • Optimistic with a sense of urgency


It is OK for recruiters, HR consultants, and other intermediaries to contact this employer