CertiK
Sr. Security Engineer (Penetration Testing)
Remote Penetration Testing role with clear candidate location fit.
PostedJul 2, 2026
Eligible countries1 accepted country
Seniority signalSenior
Work settingRemote
Accepted candidate locations
USA
Role overview
Sr. Security Engineer (Penetration Testing)
Requirements and responsibilities
Readable role content extracted into sections for faster review.
Responsibilities
- Perform security assessments on web, mobile, thick client applications, and browser extensions
- Conduct external and internal network penetration tests
- Perform security source code reviews
- Perform cloud security reviews
- Develop comprehensive pentest reports for both technical and non-technical audiences
- Research and develop innovative techniques, tools, and methodologies for pentesting applications in the blockchain space
- Contribute to the community by developing tools, presentations, and blog posts
Requirements
- Passionate about cryptocurrency, DeFi, and blockchain, with a willingness to learn Web3 technologies such as smart contracts
- Minimum of 4 years of experience in application security and penetration testing
- Experienced in source code review for different languages, with a strong understanding of JavaScript and TypeScript
- Experienced in mobile application penetration testing
- Familiar with cloud platforms and their security risks, such as AWS, Azure, and GCP
- Experience in programming with scripting languages such as Python and Bash
- Solid understanding of cryptography
- BS/MS/PhD in Computer Science or Information Security
- Strong spoken and written communication skills
Bonus Points
- Experienced in pentesting Web3 applications such as crypto exchanges, wallets, Dapps, and key custodian solutions
- Experienced in smart contract security audits
- Familiar with browser extension architecture and security risks
- Actively participate in the blockchain security community
- OSCP, OSWE, OSCE, GWAPT, or comparable certification
- Participated in bug bounty programs and audit contests
- Published security-related blog posts and spoken at security conferences and/or local meetups
Similar roles
Keep a backup shortlist.
JavaScript, TypeScript 5 accepted countries
Full Stack EngineerSubwayView role AWS, TypeScript 13 accepted countries
Senior Software EngineerBaltimore BannerView role AWS, TypeScript 8 accepted countries
Talent Community| Senior JavaScript Full Stack EngineerHiring teamView role AWS, Python 13 accepted countries
Senior Backend Engineer (AdTech)Leap ToolsView role Stack
Use these tags to compare similar remote roles.
Location eligibility
Candidates should apply only when their profile country is listed here.
Your profileCountry not setSign in to check your country against this role.
Hiring flow
WithMira shows the role, then sends candidates to the company application.
1Check role fit, stack, and location eligibility in WithMira.
2Open the company application page from the tracked apply link.
3Save the role or subscribe for similar opportunities before leaving.