Sr. Security Engineer (Penetration Testing)
US / RemoteFull-TimeMid-levelSoftware Engineering
Responsibilities
- Perform security assessments on web, mobile, thick client applications, and browser extensions
- Conduct external and internal network penetration tests
- Perform security source code reviews
- Perform cloud security reviews
- Develop comprehensive pentest reports for both technical and non-technical audiences
- Research and develop innovative techniques, tools, and methodologies for pentesting applications in the blockchain space
- Contribute to the community by developing tools, presentations, and blog posts
Requirements
- Passionate about cryptocurrency, DeFi, and blockchain, with a willingness to learn Web3 technologies such as smart contracts
- Minimum of 4 years of experience in application security and penetration testing
- Experienced in source code review for different languages, with a strong understanding of JavaScript and TypeScript
- Experienced in mobile application penetration testing
- Familiar with cloud platforms and their security risks, such as AWS, Azure, and GCP
- Experience in programming with scripting languages such as Python and Bash
- Solid understanding of cryptography
- BS/MS/PhD in Computer Science or Information Security
- Strong spoken and written communication skills
Bonus Points
- Experienced in pentesting Web3 applications such as crypto exchanges, wallets, Dapps, and key custodian solutions
- Experienced in smart contract security audits
- Familiar with browser extension architecture and security risks
- Actively participate in the blockchain security community
- OSCP, OSWE, OSCE, GWAPT, or comparable certification
- Participated in bug bounty programs and audit contests
- Published security-related blog posts and spoken at security conferences and/or local meetups
