WorkingInCrypto
Browse JobsCategoriesCompaniesOfferBlog
Post a Job
LIMITED TIME OFFER
We are bootstrapping and created a new LIFETIME plan.
It will be in promotion for a limited time. Don't loose this opportunity!
Blog

AI-Native SecOps: The Web3 Security Role That Has to Defend Against Its Own AI

June 28, 2026
Image

Read enough job postings and most of them blur together. Then one stops you, because it's quietly asking a single person to do two things that pull in opposite directions.

Ondo Finance — the largest tokenized-treasuries provider, founded by alumni of Goldman Sachs' digital assets team — posted a Security Engineer role in June 2026. On the surface it's a standard incident-response job: run the SIEM, manage the EDR, build the playbooks, respond when something breaks. But buried in the requirements is the part that should make you sit up. This engineer is expected to build LLM-assisted security workflows — and, in the same breath, to defend against attacks that target AI systems. They're being told to deploy the AI and to treat the AI as a threat. Same person. Same role.

That's not a contradiction. It's the job. Welcome to AI-native SecOps, the most demanding and least understood corner of web3 security right now. Here's what the role actually requires, why an institutional crypto platform is the place it shows up first, and what the path into it looks like.

What Is AI-Native SecOps?

AI-native SecOps is a security operations model where LLMs are built into the core detection-and-response workflow — not bolted on as a reporting layer, but acting inside the loop, triaging alerts, summarizing incidents, and classifying threats. The engineer in this model runs the traditional stack (SIEM, EDR, SOAR) and builds the LLM integrations that make it faster, and defends against a new class of attack that targets the AI systems themselves.

The shorthand: classic incident response didn't go away. It picked up two new jobs. You now have to make AI part of your defense, and you have to defend against AI being used as a weapon — including the AI tooling you just deployed.

Why an Institutional RWA Platform Builds This Role First

You don't get a role this demanding at a company that can afford to be wrong. You get it where mistakes are irreversible and expensive.

Ondo tokenizes real-world assets — treasuries, funds, securities brought on-chain. That puts them at the exact intersection that makes security existential: institutional money, regulatory scrutiny, and blockchain immutability. In Web2, a breach is a bad week. On-chain, a successful attack can move value that cannot be clawed back. When prevention is the only real remediation, the security bar isn't "good." It's "we cannot afford the incident."

That pressure is why Ondo is early here. A platform handling this kind of value can't treat AI security as a someday problem. The moment they introduce LLM tooling into their own operations, they introduce a new attack surface — and at their stakes, an unsecured attack surface is unacceptable. So the same hire who builds the AI tooling has to secure it. Splitting those across two roles would leave a seam, and seams are where breaches live.

The Two Halves of the Job

The Ondo listing reads like two job descriptions stapled together. That's the point — and both halves are non-negotiable.

Half one: the classical stack is still table stakes. Before any of the AI talk, this is a real incident-response role. The requirements name the tools plainly: Splunk, Panther, or Elastic for SIEM; CrowdStrike or SentinelOne for EDR; SOAR for orchestration; Python for the glue. Three to five-plus years of genuine SecOps and IR experience. None of this is optional or softened by the AI layer. If anything, the AI raises the bar — you can't safely automate a process you don't deeply understand. The engineers who'll struggle here are the ones who think LLMs let them skip the fundamentals. They don't. They amplify whoever's already good.

Half two: build the AI into the defense. This is where the role departs from a 2023 security job. The engineer is expected to build LLM-assisted triage — models that pre-classify incoming alerts by severity and attach context before a human looks. They build automated incident summarization that turns raw log data into a readable report. They extend SOAR playbooks with LLM reasoning steps. The goal is brutally practical: alert volume keeps climbing, and you can't hire your way out of it. AI-native SecOps is how a small team covers a threat surface that used to need a large one. The human moves up the stack — to logic design, edge cases, and the threats the models can't handle yet.

The Part Nobody Was Trained For: Defending Against AI

Here's the half of the role that doesn't exist in any security certification yet, and it's the one that matters most.

The same engineer building LLM workflows has to understand how those exact systems get attacked. That means a threat surface most security teams have never had to model:

  • Prompt injection — an attacker crafts input that hijacks the instructions of an LLM in your pipeline, turning your own triage assistant into a tool that misclassifies or leaks.
  • Model poisoning — corrupting the data a model learns from or retrieves, so it makes confident, wrong calls at exactly the wrong moment.
  • Adversarial inputs — payloads engineered to slip past AI-based detection that a human or a signature would have caught.
  • Model exfiltration — extracting the model, its prompts, or the sensitive data flowing through it.

Sit with the recursion for a second. You deploy an LLM to help triage security alerts. That LLM is now itself part of your attack surface. If an attacker can prompt-inject your triage model, they can blind your detection from the inside — and they'll do it at 3am, when an automated pipeline is running and nobody's watching the watcher. The engineer who built the convenience has to also have built the defense for it. That's the double bind, and it's genuinely new. There's no playbook on a shelf for this. The people doing it are writing the playbook as they go.

Why This Skill Set Is So Rare

Think about who actually has all of this. You need years of hands-on incident response — the kind you only get by being on call when things were on fire. You need to build with LLMs competently, not just prompt them. And you need to think adversarially about AI systems specifically, which almost nobody has had a reason to learn yet.

Those three populations barely overlap today. Classical SecOps engineers mostly haven't built LLM pipelines. AI engineers mostly haven't done incident response. And the adversarial-AI knowledge is so new that it lives in research papers and a handful of practitioners' heads, not in training programs. The combination — Splunk-and-Panther depth plus LLM orchestration plus AI threat modeling — is, in the market's own terms, genuinely rare. Which is exactly why a company like Ondo writes the job this way and waits for the right person instead of splitting it into safer, more fillable pieces.

Rare skill sets are where leverage lives. If you can credibly stand in all three circles, you are not competing with a crowd.

How to Get There From Where You Are

If you're a SecOps or IR engineer: you own the hardest-to-fake half already. Your incident-response instincts are the part companies can't shortcut. Your move is to get hands-on with the AI layer — build a small LLM triage or summarization workflow against your own alert data, then immediately try to break it. Learn prompt injection by attacking your own pipeline. The fastest way to understand AI defense is to play attacker against the thing you just built. Don't wait for a certification; there isn't a good one yet, and being early is the entire advantage.

If you're an AI or ML engineer eyeing security: your model fluency is real, but the role is incident response first. Spend time on the fundamentals you can't bluff — how detection engineering actually works, what a SIEM does, how a real investigation unfolds under pressure. Pair up with security people. The market doesn't need someone who can fine-tune a model and call it security; it needs someone who can sit in an IR rotation and secure the models.

If you're a web3 engineer adding security depth: you already understand the stakes that make this role existential — immutability, on-chain value, the cost of being wrong. Lean into that context advantage, then build outward into detection engineering and the AI threat surface. The protocols handling serious value will keep hiring for this, and your native understanding of why it matters is not nothing.

The Broader Signal

Ondo's hire is the security instance of a pattern that's now unmistakable across web3. The same window saw Serotonin post an AI GTM Engineer to build marketing's AI layer, and OKX post a platform architect to govern multi-agent systems in production. Three functions — marketing, platform, security — each absorbing AI into a role that two years ago had nothing to do with it. The standalone "AI team" was a transitional structure. What replaces it is every function owning its own AI layer.

For security, that ownership comes with a twist the other functions don't carry as sharply: the AI you adopt is also a thing you now have to defend. AI-native SecOps is the discipline of holding both at once — building with AI and defending against it, on infrastructure where the cost of getting it wrong is permanent. It's hard, it's rare, and right now it's wide open. The people who can do it won't be looking for work. The institutions will be looking for them.

Frequently Asked Questions

What is AI-native SecOps in simple terms?

AI-native SecOps is a security operations approach where LLMs are built directly into detection and response — triaging alerts, summarizing incidents, and extending automation playbooks — rather than being used only for reporting. The security engineer runs the traditional tooling (SIEM, EDR, SOAR), builds the AI integrations on top of it, and also defends against attacks that specifically target AI systems. It's classic incident response plus two new responsibilities: using AI as a defender and securing AI as an attack surface.

What skills does a web3 AI security engineer need?

Based on the Ondo Finance role, the core requirements are: 3-5+ years of SecOps/IR experience; hands-on skill with SIEM (Splunk, Panther, Elastic), EDR (CrowdStrike, SentinelOne), and SOAR; Python scripting; the ability to build LLM-assisted security workflows; and an understanding of AI-specific threats like prompt injection and model poisoning. The classical incident-response depth is the foundation, not something the AI layer replaces.

What are AI-driven attacks a security engineer must defend against?

The main categories are prompt injection (manipulating an LLM's instructions through crafted input), model poisoning (corrupting training or retrieval data so the model makes wrong decisions), adversarial inputs (payloads designed to evade AI-based detection), and model exfiltration (stealing the model, its prompts, or the data passing through it). The challenge is that when you deploy an LLM into your own security pipeline, that LLM becomes part of your attack surface.

Why is the AI-native SecOps skill set so rare?

It requires three things that rarely appear in the same person: deep, hands-on incident response experience; the ability to build with LLMs (not just use them); and adversarial knowledge of how AI systems are attacked, which is so new it isn't taught in standard certifications yet. Classical security engineers usually haven't built LLM pipelines, AI engineers usually haven't done IR, and the AI-threat knowledge lives in research and practice rather than training programs.

Why do institutional crypto platforms need AI-native SecOps first?

Platforms like Ondo Finance handle institutional money on-chain, where blockchain immutability means a successful attack can move value that can't be reversed. That combination of high stakes, regulatory scrutiny, and irreversibility makes prevention the only real remediation — so the security bar is exceptionally high. When such a platform adopts AI tooling internally, it must secure that new attack surface immediately, which is why the build-and-defend role appears here before it appears in lower-stakes environments.

Conclusion

The Ondo Finance role is easy to misread as just another security job with an "AI a plus" line tacked on. It isn't. It's one of the first public postings to make the real shape of modern security explicit: you build with AI and you defend against AI, and increasingly you defend against the very AI you built. That's AI-native SecOps, and the skill set it demands — classical IR depth, LLM engineering, and adversarial AI thinking in one head — is as rare as it sounds.

If you're a security engineer, this is the clearest signal yet of where the field is heading and where the scarce, high-value work is going to be. The certifications haven't caught up. The training programs don't exist yet. Which means the way in is to build something, attack it yourself, and learn the discipline before it has a name everyone recognizes. Early is uncomfortable. It's also exactly where you want to be standing when this becomes the default.

WorkingInCrypto
Browse JobsCategoriesCompaniesOfferBlogContact
Made with love in EU • © 2026 • All rights reservedPrivacy
Blockchain, Metaverse, Cityverse, Ethereum, L2, Crypto, Bitcoin, Stable Coins, Gaming, NFT, Solidity, UX, Design, Cardano, Kusama, Tezos, Solana, Polkadot, Polygon, Token, Tokenization, DAO, DeFi, AI, Wallet, AR