
Product Security Engineer
Posted 1 hour ago

This is a fully remote position, open to applicants in India.
• Perform comprehensive security evaluations of blockchain-based systems, encompassing design of cryptographic primitives, protocol architecture, smart contract execution, and deployed infrastructure.
• Identify genuine vulnerabilities via hands-on examination, adversarial testing, and proof-of-concept exploit creation, rather than relying solely on automated scanning.
• Develop adversarial test scenarios and proof-of-concept exploits for Hedera-native services, EVM-compatible contracts, cross-chain bridges, and consensus-layer components.
• Take ownership of threat modeling and security architecture assessments throughout various product development phases.
• Establish and uphold security checkpoints prior to the deployment of new components into production.
• Collaborate closely with engineering teams to convert cryptographic and protocol-level risks into tangible, prioritized remediation tasks.
• Create and enhance security tools, fuzzing infrastructure, and CI/CD security automation to extend security coverage without increasing headcount.
• Monitor emerging attack patterns in blockchain and web3, align them with the internal codebase, and implement proactive measures to mitigate threats before they arise.
• Practical experience in vulnerability discovery and security testing across blockchain protocols, smart contracts, nodes, and APIs.
• Proven history of identifying real bugs rather than just conducting automated scans.
• Strong expertise in threat modeling and security architecture reviews applied to distributed cryptographic systems.
• Experience in evaluating cross-chain protocols, threshold signature schemes, or other cryptographic systems with intricate trust assumptions.
• In-depth knowledge of applied cryptography, including BLS signatures, pairing-based schemes, polynomial commitments, and Fiat-Shamir constructions.
• Capability to analyze cryptographic failure modes and their manifestations in production systems.
• Direct experience in auditing or compromising a cross-chain bridge.
• Ability to evaluate trust model trade-offs, such as state proof, multisig, and oracle attestation models, and their implications for the attack surface.
• Familiarity with blockchain security and secure coding practices across both EVM-compatible and non-EVM chains.
• Proficiency in security testing tools, including static analysis, dynamic analysis, and fuzzing.
• Experience in developing custom fuzzing harnesses or security testing infrastructure.
• Capability to read and audit cryptographic code in Rust and/or Java.
• Understanding of memory safety, constant-time correctness, secret handling, and security vulnerabilities at JNI boundaries.
• Health insurance
• 401(k) matching
• Flexible work hours
• Paid time off
• Remote work options