Job summary

Product Security Engineer

Requirements and responsibilities

Key Responsibilities

  • Security Assessments & Threat Modeling: Conduct end-to-end security assessments of blockchain-based systems, spanning cryptographic primitive design, protocol architecture, smart contract implementation, and deployed infrastructure. Own threat modeling and security architecture reviews across all product phases.
  • Vulnerability Discovery & Exploitation: Identify real-world vulnerabilities through rigorous hands-on code reviews, adversarial testing, and the development of proof-of-concept exploits for native services, EVM-compatible contracts, cross-chain bridges, and consensus-layer components.
  • Engineering Partnership: Partner directly with core engineering teams to translate complex cryptographic and protocol-level risks into prioritized, actionable remediation workflows. Define and enforce security gates prior to production deployment.
  • Security Automation & Tooling: Build, scale, and improve security tooling, fuzzing infrastructure, and CI/CD security automation to maximize security coverage efficiently.
  • Research & Mitigation: Track emerging blockchain and Web3 attack patterns, map them to the internal codebase, and drive proactive mitigation strategies.

Core Capabilities & Experience

  • Proven track record of hands-on vulnerability discovery and security testing across blockchain protocols, smart contracts, nodes, and APIs, with a demonstrated ability to identify deep architectural bugs beyond automated scanning.
  • Strong threat modeling and security architecture review experience applied directly to distributed cryptographic systems.
  • Direct experience assessing cross-chain protocols, threshold signature schemes, or other cryptographic systems with complex trust assumptions, including the auditing or breaking of cross-chain bridges.
  • Deep working knowledge of applied cryptography (e.g., BLS signatures, pairing-based schemes, polynomial commitments, and Fiat-Shamir constructions) and the ability to reason about cryptographic failure modes in production environments.
  • Ability to analyze trust model tradeoffs, including state proof, multisig, and oracle attestation models, and evaluate their impact on the broader attack surface.

Functional & Technical Expertise

  • Mastery of blockchain security and secure coding practices across both EVM-compatible and non-EVM chains.
  • Proficiency with security testing tooling, including static analysis, dynamic analysis, and fuzzing, alongside experience developing custom fuzzing harnesses or security test infrastructure.
  • Strong ability to read, review, and audit cryptographic code written in Rust and/or Java.
  • Clear understanding of memory safety, constant-time correctness, secret handling, and the unique security risks at JNI boundaries.

Preferred Qualifications

  • Experience designing and operating grammar-aware fuzzing campaigns against gRPC, JSON-RPC, or protocol-level endpoints.
  • Experience building classifier pipelines to isolate security signals from noise, or building custom security automation tooling.
  • Prior security work focused on Ethereum consensus clients or production threshold signature systems.
  • Experience integrating AI-assisted workflows into security review and triage processes.

Benefits

  • Competitive salary and compensation package.
  • Opportunity to work at the forefront of enterprise Web3 infrastructure and cryptographic innovation.
  • Collaborative, high-caliber engineering environment focused on solving complex, large-scale distributed systems challenges.
  • Flexible working arrangements and comprehensive professional growth opportunities.

  • Focus (job area): Product Security Engineering
  • Seniority signal (candidate level): Senior
  • Stack (main skills): CI/CD, Java
  • Location (eligibility): 57 countries accepted
