
Senior Information Security Engineer – Application Security Focus
Posted May 9

This is a fully remote position, open to applicants in the United Kingdom.
• Collaborate with our off-chain security lead to strategize and execute advanced application security evaluations for API services, application front-ends, wallet software, browser plugins, mobile applications, and SDKs.
• Partner with top smart contract auditors and cryptography experts, utilizing your application security knowledge to analyze attack surfaces beyond their on-chain focus.
• Aim to detect technical vulnerabilities, architectural weaknesses, and propose methods to mitigate potential risks at the critical interfaces between off-chain and on-chain systems.
• Engage with developers and key stakeholders to identify and manage security concerns effectively.
• Provide clear and concise reports on identified issues and potential attack vectors.
• Minimum of 5 years of experience, or equivalent technical expertise, in delivering offensive security services with a strong emphasis on application security.
• Extensive experience in web application and API security, with the ability to evaluate applications built on modern web frameworks and detect advanced client-side, back-end, and business logic vulnerabilities.
• Proven experience in assessing mobile applications (Android/iOS), browser extensions, and desktop software.
• Hands-on experience in discovering complex vulnerabilities and attack paths within Golang, Rust, TS/JS, Python, Java, or C-based codebases during white/grey-box application security assessments.
• Familiarity with cloud, CI/CD, container, CDN, and network security principles, and their relevance to application security.
• Knowledge of, or eagerness to learn, web3 security concepts and their application in web3-focused applications.
• Competent scripting and automation skills.
• Experience in assisting with the scoping of requirements for application security tasks.
• Strong client-facing abilities and interpersonal skills.
• A significant advantage if you have: a notable web2 bug bounty/vulnerability disclosure record, previous experience as a smart contract auditor or on-chain security researcher, experience in developing or integrating DeFi protocols, smart contracts, wallet services, or other web3 services, or advanced relevant security certifications (OSWE, Burp Suite Certified Professional, etc.).
• Collaborate with industry-leading experts.
• Opportunity to engage with some of the most exciting and prestigious companies in the sector.
• Highly competitive salary package.
• Excellent work environment.