Offensive Security Engineer - 100% Remote, Blockchain, DeFi

Responsibilities

• Conduct realistic adversary simulations from conception through reporting.
• Perform testing on systems, applications, networks, and processes.
• Research cutting-edge offensive security techniques.
• Develop tools and exploits.
• Communicate clearly and effectively, both written and orally, regarding risks and required remediations.
• Work collaboratively and independently on unique or specialized assignments requiring specific knowledge or experience.
• Comply with Company, Division, and Professional ethical standards.

Qualifications

• A passion for the blockchain industry.
• 3+ years of experience in application development in Golang and C++ (both are mandatory) (blockchain or smart contract development experience is a plus).
• 2+ years of offensive security experience.
• Experience in WASM/BPF is a plus.
• Understanding of system administration and network administration.
• Experience using common penetration testing tools (BurpSuite, Metasploit, etc.).
• Practical reverse engineering and fuzzing experience is a plus.
• Proficient in at least one scripting language.
• Proficiency with common server and workstation operating systems.
• Proficient in testing modern web application languages and frameworks.
• Proficient knowledge of blockchain and smart contract implementations.
• Deep understanding of Golang-based smart contract runtimes.
• Ability to think critically and identify areas of technical and non-technical risk.
• Ability to write technical reports and communicate technical content to non-technical audiences.
• Experience in security research, including vulnerability discovery and exploit development.

Bonus Points

• Experience working with Bitcoin or its forks (Bitcoin Cash, etc.).
• Experience working with Ethereum clients.
• Experience with Cosmos SDK and solid understanding of Tendermint.
• Experience with IBC (Inter-Blockchain Communication).
• Experience working with consensus protocols.
• Basic knowledge of cryptographic primitives such as public/private keys, hash functions, and Merkle trees (understanding how to use them, not implement them).
• Relevant security certifications are a plus but not required (OSCP, OSCE, GPEN, GWAPT, LPT, CISSP).