MLabs
Product Security Engineer
Vaga remota de Product Security Engineering com fit claro de localização do candidato.
Publicada3 de jul. de 2026
Países elegíveis57 países aceitos
Sinal de senioridadeSenior
Modelo de trabalhoRemoto
Locais aceitos para candidatos
Resumo da vaga
Product Security Engineer
Requisitos e responsabilidades
Conteúdo da vaga extraído em seções para revisão mais rápida.
Key Responsibilities
- Security Assessments & Threat Modeling: Conduct end-to-end security assessments of blockchain-based systems, spanning cryptographic primitive design, protocol architecture, smart contract implementation, and deployed infrastructure. Own threat modeling and security architecture reviews across all product phases.
- Vulnerability Discovery & Exploitation: Identify real-world vulnerabilities through rigorous hands-on code reviews, adversarial testing, and the development of proof-of-concept exploits for native services, EVM-compatible contracts, cross-chain bridges, and consensus-layer components.
- Engineering Partnership: Partner directly with core engineering teams to translate complex cryptographic and protocol-level risks into prioritized, actionable remediation workflows. Define and enforce security gates prior to production deployment.
- Security Automation & Tooling: Build, scale, and improve security tooling, fuzzing infrastructure, and CI/CD security automation to maximize security coverage efficiently.
- Research & Mitigation: Track emerging blockchain and Web3 attack patterns, map them to the internal codebase, and drive proactive mitigation strategies.
Core Capabilities & Experience
- Proven track record of hands-on vulnerability discovery and security testing across blockchain protocols, smart contracts, nodes, and APIs, with a demonstrated ability to identify deep architectural bugs beyond automated scanning.
- Strong threat modeling and security architecture review experience applied directly to distributed cryptographic systems.
- Direct experience assessing cross-chain protocols, threshold signature schemes, or other cryptographic systems with complex trust assumptions, including the auditing or breaking of cross-chain bridges.
- Deep working knowledge of applied cryptography (e.g., BLS signatures, pairing-based schemes, polynomial commitments, and Fiat-Shamir constructions) and the ability to reason about cryptographic failure modes in production environments.
- Ability to analyze trust model tradeoffs, including state proof, multisig, and oracle attestation models, and evaluate their impact on the broader attack surface.
Functional & Technical Expertise
- Mastery of blockchain security and secure coding practices across both EVM-compatible and non-EVM chains.
- Proficiency with security testing tooling, including static analysis, dynamic analysis, and fuzzing, alongside experience developing custom fuzzing harnesses or security test infrastructure.
- Strong ability to read, review, and audit cryptographic code written in Rust and/or Java.
- Clear understanding of memory safety, constant-time correctness, secret handling, and the unique security risks at JNI boundaries.
Preferred Qualifications
- Experience designing and operating grammar-aware fuzzing campaigns against gRPC, JSON-RPC, or protocol-level endpoints.
- Experience building classifier pipelines to isolate security signals from noise, or building custom security automation tooling.
- Prior security work focused on Ethereum consensus clients or production threshold signature systems.
- Experience integrating AI-assisted workflows into security review and triage processes.
Benefits
- Competitive salary and compensation package.
- Opportunity to work at the forefront of enterprise Web3 infrastructure and cryptographic innovation.
- Collaborative, high-caliber engineering environment focused on solving complex, large-scale distributed systems challenges.
- Flexible working arrangements and comprehensive professional growth opportunities.
Vagas similares
Mantenha uma lista reserva.
CI/CD 8 países aceitos
Senior Mobile QA EngineerSubway EcommerceVer vaga CI/CD 8 países aceitos
Senior QA Automation EngineerSubway EcommerceVer vaga Java 8 países aceitos
Application Security Engineer (Tech Lead)Morgan StanleyVer vaga Java 8 países aceitos
Application Security Engineer (Senior)Morgan StanleyVer vaga Stack
Use estas tags para comparar vagas remotas similares.
Elegibilidade de localização
Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.
Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.
Ver todos os 57 países aceitos
AlbâniaAustráliaÁustriaBangladeshBielorrússiaBélgicaBulgáriaCambojaChinaCroáciaChipreTchéquiaDinamarcaEstôniaFinlândiaFrançaAlemanhaGréciaHong Kong, RAE da ChinaHungriaIslândiaÍndiaIndonésiaIrlandaItáliaJapãoCazaquistãoLetôniaLituâniaLuxemburgoMalásiaMaltaMoldáviaMontenegroPaíses BaixosNova ZelândiaMacedônia do NorteNoruegaPaquistãoFilipinasPolôniaPortugalRomêniaSérviaSingapuraEslováquiaEslovêniaCoreia do SulEspanhaSri LankaSuéciaSuíçaTaiwanTailândiaUcrâniaReino UnidoVietnã
Fluxo de contratação
O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.
1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.