Bachelor's or Master's degree in Computer Science, Information Security, Blockchain, Cryptography, or related field (or equivalent experience).
8+ years of experience in product security, application security, or penetration testing.
2+ years of experience in blockchain security, smart contract auditing, or related roles.
Proficiency in smart contract languages such as Solidity or Rust and familiarity with blockchain platforms like Ethereum; knowledge of the Hedera Blockchain is a plus.
Strong understanding of web3 technologies and protocols (e.g., Gossip, Ethereum, IPFS, Whisper).
Experience with security assessment tools and methodologies specific to blockchain environments.
Familiarity with common blockchain security vulnerabilities and attack vectors.
Knowledge of cryptographic principles and protocols relevant to blockchain security.
Excellent problem-solving skills and ability to analyze complex systems.
Effective communication skills and ability to work collaboratively with cross-functional teams.
Hands-on experience with security testing tools such as static analysis, dynamic analysis, and fuzzing tools.
OSWA and/or CISSP certifications are mandatory.
Responsibilities:
Conducting comprehensive security assessments of blockchain-based systems, focusing on web3 security and smart contract security.
Writing malicious smart contracts to exploit and identify vulnerabilities in the Hedera blockchain.
Developing and implementing security strategies and best practices for the Hedera blockchain protocols.
Collaborating with development teams to integrate security measures into the design and implementation of blockchain solutions.
Designing and executing penetration testing and vulnerability assessments on blockchain networks and associated components.
Staying updated on emerging threats and vulnerabilities in the blockchain space and providing guidance on mitigation strategies.
Educating internal stakeholders on blockchain security best practices and principles.
Contributing to the development of security tools and frameworks tailored for blockchain environments.
Assisting in incident response activities related to blockchain security incidents.
Participating in security awareness training programs for internal stakeholders.