Responsibilities
• Perform security assessments on web, mobile, thick client applications, and browser extensions
• Conduct external and internal network penetration tests
• Perform security source code reviews
• Perform cloud security reviews
• Develop comprehensive pentest reports for both technical and non-technical audiences
• Research and develop innovative techniques, tools, and methodologies for pentesting applications in the blockchain space
• Contribute to the community by developing tools, presentations, and blog posts
Requirements
• Passionate about cryptocurrency, DeFi, and blockchain, with a willingness to learn Web3 technologies such as smart contracts
• Minimum of 4 years of experience in application security and penetration testing
• Experienced in source code review for different languages, with a strong understanding of JavaScript and TypeScript
• Experienced in mobile application penetration testing
• Familiar with cloud platforms and their security risks, such as AWS, Azure, and GCP
• Experience in programming with scripting languages such as Python and Bash
• Solid understanding of cryptography
• BS/MS/PhD in Computer Science or Information Security
• Strong spoken and written communication skills
Bonus Points
• Experienced in pentesting Web3 applications such as crypto exchanges, wallets, Dapps, and key custodian solutions
• Experienced in smart contract security audits
• Familiar with browser extension architecture and security risks
• Actively participate in the blockchain security community
• OSCP, OSWE, OSCE, GWAPT, or comparable certification
• Participated in bug bounty programs and audit contests
• Published security-related blog posts and spoken at security conferences and/or local meetups