Join the innovative companies building on Hedera Hashgraph

Senior Product Security Engineer

Swirlds Labs

Swirlds Labs

Software Engineering, Product
Europe · Remote
Posted on Wednesday, March 20, 2024

About Swirlds Labs:

Swirlds Labs is a fast-growing software company committed to supporting, developing and servicing Hedera, an open source, proof-of-stake platform. Hedera is EVM-compatible and has been specifically built to meet the needs of enterprise and Web3 applications, which require speed, security, stability and sustainability. Hedera’s public network is governed by industry-leading organizations, spanning 11 sectors and 14 regions who oversee the development and direction of the decentralized platform.

You may find yourself doing all of the following:

  • Conducting comprehensive security assessments of blockchain-based systems, focusing on web3 security and smart contract security
  • Writing malicious smart contracts to exploit and identify vulnerabilities in the Hedera blockchain
  • Developing and implementing security strategies and best practices for the Hedera blockchain protocols
  • Collaborating with development teams to integrate security measures into the design and implementation of blockchain solutions
  • Designing and executing penetration testing and vulnerability assessments on blockchain networks and associated components
  • Staying updated on emerging threats and vulnerabilities in the blockchain space and providing guidance on mitigation strategies
  • Educating internal stakeholders on blockchain security best practices and principles
  • Contributing to the development of security tools and frameworks tailored for blockchain environments
  • Assisting in incident response activities related to blockchain security incidents
  • Participating in security awareness training programs for internal stakeholders

Qualification Requirements:

  • Bachelor's or Master's degree in Computer Science, Information Security, Blockchain, Cryptography, or related field (or equivalent experience)
  • 8+ years of experience in product security, application security, or penetration testing
  • of which 2+ years of experience in blockchain security, smart contract auditing, or related roles
  • Proficiency in smart contract languages such as Solidity or Rust and familiarity with blockchain platforms like Ethereum; knowledge of the Hedera Blockchain is a plus
  • Strong understanding of web3 technologies and protocols (e.g., Gossip, Ethereum, IPFS, Whisper)
  • Experience with security assessment tools and methodologies specific to blockchain environments
  • Familiarity with common blockchain security vulnerabilities and attack vectors
  • Knowledge of cryptographic principles and protocols relevant to blockchain security
  • Excellent problem-solving skills and ability to analyze complex systems
  • Effective communication skills and ability to work collaboratively with cross-functional teams
  • Hands-on experience with security testing tools such as static analysis, dynamic analysis, and fuzzing tools

Other skills that are great to bring with you but that we can help you develop:

  • Relevant certifications (e.g., OSCP, OSEP, OSWA, OSWE); relevant certifications in blockchain security or related areas (e.g., Certified Blockchain Security Professional) are a plus
  • Experience in Bug bounty, Security Research, CVE publications, Red teaming, and attack surface management
  • Experience with cloud environments (e.g., GCP, AWS)
  • Understanding of common programming languages and scripting languages, such as Python, PowerShell, or Bash
  • Experience with containerization and orchestration technologies, such as Docker and Kubernetes, and their associated security best practices