Who We Are Anza is a Solana R&D lab pushing the boundaries of blockchain performance and scalability. Anza was founded by experienced executives and core engineers solving the toughest problems in Web3. Crypto ecosystems rely on robust protocols, and we believe those are best built out in the open, with multiple contributors. We pioneer advanced solutions to meet the evolving demands of decentralized applications. The Role As a Security Engineer at Anza, you will play a crucial role in safeguarding the Solana ecosystem by designing and implementing robust security measures. You will work closely with core developers, ecosystem teams, and external auditors to identify and mitigate vulnerabilities in distributed systems protocols and blockchain client software. Your expertise will help shape security best practices and advance the security posture of blockchain technology. Responsibilities - Design and implement security and defense-in-depth controls to prevent and limit vulnerabilities. - Conduct advanced security research on Solana and other Rust-based smart contract platforms. - Work closely with core contributors to perform in-depth internal security audits. - Work with external security audits in collaboration with top-tier third-party firms. - Effectively communicate security risks and solutions to both technical and non-technical stakeholders. - Uphold the highest standards of integrity, trust, and professionalism in all security practices.

Who We Are Anza is a Solana R&D lab pushing the boundaries of blockchain performance and scalability. Anza was founded by experienced executives and core engineers solving the toughest problems in Web3. Crypto ecosystems rely on robust protocols, and we believe those are best built out in the open, with multiple contributors. We pioneer advanced solutions to meet the evolving demands of decentralized applications. The Role As a Security Engineer at Anza, you will play a crucial role in safeguarding the Solana ecosystem by designing and implementing robust security measures. You will work closely with core developers, ecosystem teams, and external auditors to identify and mitigate vulnerabilities in distributed systems protocols and blockchain client software. Your expertise will help shape security best practices and advance the security posture of blockchain technology. Responsibilities - Design and implement security and defense-in-depth controls to prevent and limit vulnerabilities. - Conduct advanced security research on Solana and other Rust-based smart contract platforms. - Work closely with core contributors to perform in-depth internal security audits. - Work with external security audits in collaboration with top-tier third-party firms. - Effectively communicate security risks and solutions to both technical and non-technical stakeholders. - Uphold the highest standards of integrity, trust, and professionalism in all security practices.

• Support the InfoSec GRC Lead in operating and improving the organization’s governance, risk, and compliance program • Review client MSAs and related security requirements • Support internal and client audits • Drive risk and exception management workflows • Support supplier/third-party security reviews • Maintain documentation and evidence for ISO/IEC 27001 & ISO/IEC 42001 • Support continual improvement activities • Extract and document security requirements from client MSAs • Identify gaps and risks; coordinate with Legal and Privacy teams • Collect evidence for audit requests; ensure traceability between requirements, controls, and evidence • Maintain risk registers and support exception workflows • Assess third-party security submissions; track supplier risk ratings and remediation actions • Map regulatory requirements (HIPAA, GDPR, APPI) to internal controls • Produce operational reports on audit status/risk metrics • Contribute to process improvements

• Reports to Offensive Security Manager • Grow penetration testing practice • Propose and take ownership of internal project initiatives • Conduct debrief reviews with clients • Lead client debrief calls for standard engagements