Job Description

Locations

• US Zone 1 (Job Requisitions Only), United States (Remote)

Salary

Skills Required

• Web3 application securityintermediate
• penetration testingintermediate
• identifying critical vulnerabilitiesintermediate
• blockchain ecosystem knowledge (L1/L2 networks, DeFi protocols, staking mechanisms)intermediate
• Web2 security concepts (OWASP Top 10, SANS Top 25)intermediate
• analytical skillsintermediate
• communication skillsintermediate
• independent work and ownershipintermediate
• continuous learningintermediate
• building relationshipsintermediate

Required Qualifications

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field. (experience)
• 3+ years of experience in Web3 application security and penetration testing. (experience)
• Proven track record of identifying critical vulnerabilities across the blockchain protocol stack, Web2, and Web3 components. (experience)
• Extensive knowledge of the blockchain ecosystem, including L1/L2 networks, DeFi protocols, and staking mechanisms. (experience)
• Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). (experience)
• Strong analytical skills to identify trends and patterns in vulnerabilities. (experience)
• Excellent communication skills for engaging with internal teams. (experience)
• Passion for security and a drive to improve Web3 security posture. (experience)
• Ability to work independently and take ownership of penetration testing initiatives. (experience)
• Energy and self-drive for continuous learning in the rapidly evolving crypto space. (experience)
• Excellence in clear, direct, and kind communication with technical and non-technical stakeholders. (experience)
• Experience building relationships with product, engineering, and security teams. (experience)

Preferred Qualifications

• Participation in CTFs, bug bounty programs, or open-source security research. (experience)
• Expertise in Application Security, Network Security, or Cloud Security. (experience)
• Relevant security certifications (e.g., OSCP, GPEN). (experience)
• Experience developing and implementing security tooling to support bug bounty triage and analysis. (experience)
• Experience with bug bounty programs and platforms, including triage, validation, and researcher communication. (experience)
• Strong analytical skills to identify trends and patterns in bug bounty submissions. (experience)
• Excellent communication skills to effectively engage with bug bounty researchers. (experience)

Responsibilities

• Conduct security assessments of Web3 products and services, including smart contracts, DeFi protocols, and blockchain infrastructure.
• Collaborate with partner teams to enhance detection and response capabilities for Web3 vulnerabilities.
• Stay informed on emerging security trends, advisories, and academic research in the Web3 space.
• Lead Web3 bug bounty triage and validation, ensuring timely and accurate assessments of reported vulnerabilities.
• Develop and implement strategies to incentivize high-quality bug bounty submissions and engage with the hacker community.
• Manage the Web3 bug bounty program, including scope updates, researcher communication, and payout disbursements.
• Analyze bug bounty data to identify trends, common vulnerabilities, and areas for improvement.
• Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program.
• Mentor and train junior security engineers in Web3 bug bounty triage and analysis.
• Provide on-call support for critical Web3 bug bounty-related incidents.
• Document and report on Web3 bug bounty metrics and program effectiveness.

Benefits

• general: bonus eligibility
• general: equity eligibility
• general: benefits (including medical, dental, vision and 401(k))

Tags & Categories