
Product Security Engineer
Posted 6 days ago

This is a fully remote position, open to applicants in Germany.
• Perform comprehensive security evaluations of blockchain-based systems, including the design of cryptographic primitives, protocol architecture, smart contract execution, and the infrastructure in use.
• Take ownership of threat modeling and conduct security architecture reviews throughout all phases of product development.
• Detect real-world vulnerabilities by engaging in thorough hands-on code analyses, adversarial testing, and creating proof-of-concept exploits for native services, EVM-compatible contracts, cross-chain bridges, and consensus-layer elements.
• Collaborate closely with core engineering teams to convert complex cryptographic and protocol-level risks into prioritized, actionable remediation plans.
• Establish and enforce security checkpoints before production deployment.
• Develop, scale, and enhance security tools, fuzzing infrastructure, and CI/CD security automation to optimize security coverage effectively.
• Monitor emerging attack patterns in blockchain and Web3, correlate these with the internal codebase, and implement proactive mitigation strategies.
• Established history of hands-on vulnerability discovery and security testing across blockchain protocols, smart contracts, nodes, and APIs, with a proven capability to identify significant architectural flaws beyond automated scans.
• Extensive experience in threat modeling and security architecture reviews directly applied to distributed cryptographic systems.
• Direct experience in evaluating cross-chain protocols, threshold signature schemes, or other cryptographic systems with intricate trust assumptions, including the auditing or compromising of cross-chain bridges.
• Profound knowledge of applied cryptography (e.g., BLS signatures, pairing-based schemes, polynomial commitments, and Fiat-Shamir constructions) with the ability to reason about cryptographic failure modes in live environments.
• Capability to analyze trade-offs in trust models, including state proofs, multisig, and oracle attestation models, and assess their effects on the larger attack surface.
• Expertise in blockchain security and secure coding practices for both EVM-compatible and non-EVM chains.
• Proficiency in security testing tools, including static analysis, dynamic analysis, and fuzzing, along with experience in developing custom fuzzing harnesses or security testing infrastructure.
• Strong competence in reading, reviewing, and auditing cryptographic code written in Rust and/or Java.
• Clear comprehension of memory safety, constant-time correctness, secret management, and specific security risks at JNI boundaries.
• Experience in designing and executing grammar-aware fuzzing campaigns targeting gRPC, JSON-RPC, or protocol-level endpoints.
• Experience constructing classifier pipelines to differentiate security signals from noise, or developing custom security automation tools.
• Previous security work centered on Ethereum consensus clients or operational threshold signature systems.
• Experience in integrating AI-assisted workflows into security review and triage processes.
• Competitive salary and remuneration package.
• Opportunity to work at the leading edge of enterprise Web3 infrastructure and cryptographic innovation.
• Collaborative, high-caliber engineering environment focused on addressing complex, large-scale distributed systems challenges.
• Flexible working arrangements and extensive professional development opportunities.