Product Security Engineer
As the preferred choice for developers creating the next wave of distributed finance (DeFi) and distributed applications (DApps), we have forged a dependable, secure, and composable smart contract infrastructure. We are currently seeking a talented product security engineer to join our team and play a vital role in developing the most secure chain in the Cosmos ecosystem.
About this role
As a Product Security Engineer at Agoric, you will be an integral part of ensuring our smart contracts platform is secure from attack and disruption across multiple facets, including code vulnerabilities, chain attacks, configuration and release management, dependency and supply chain risks, scalability, denial of service, decentralized hosting of our software and the risks that come with it. You will guide the company to identify and resolve potential security risks, as well as putting in place systems and procedures for handling security issues when they occur. You will build upon our company’s strong security culture, enabling Agoric and its community to build a rich ecosystem of secure smart contracts. You will work with a team of world-class computer security and programming language developers, cryptographers, economists, business leaders and community builders; all of whom have the mission of making decentralized smart contracts an everyday reality.
What you will be doing
- Develop our static analysis and fuzzing programs, with opportunities to build custom tooling to support bug hunting and QA.
- Guide penetration testing program for application security, including supporting security audits.
- Perform adversarial testing on frameworks, contracts, core infrastructure, and testnets.
- Support our vulnerability disclosure and bug bounty program.
- Guide our dependency management program, and maintenance of Agoric’s Software Bill of Materials.
- Improve, develop, and maintain security documentation including threat models and user interaction diagrams of the Agoric stack.
- Support ecosystem security by partnering with various ecosystem stakeholders (e.g. wallets, Dapp developers, inter-chain providers) for audit readiness, emergency coordination, and observability efforts.
- Aid the team in incorporating security into our software designs and implementations as a first class goal.
- Participate in team code reviews and threat modeling with fellow engineers, with a keen eye towards information security concerns
- Help improve the stability, scalability, reliability, and maintainability of the Agoric platform through the construction of tools and testing frameworks, integration of open source software, and helping to develop response playbooks and best practices.
- Understand the security trends and challenges within the company and in the blockchain / DeFi industries at large. Offer ideas and collaborative solutions to others at Agoric and in the ecosystem.
- Participate in open source development on shared resources with external development teams
What we look for in you
- BA, BS, MS, PhD in Computer Science, Software Engineering, or other relevant discipline, or equivalent professional experience
- 6+ years of experience as a security engineer in challenging environments (high profile / high stakes companies)
- Familiarity with blockchain, cryptography, and smart contract languages and frameworks
- Experience working with systems design and open-source projects
Nice to haves
- Have previous experience at a fast paced, high growth stage internet/software company
- Experience with Cosmos/Tendermint
Comp Expectations: $175,000 - $250,000 base salary based on skillset/experience.
Agoric is committed to diversity in its workforce and is proud to be an equal opportunity employer. Agoric does not make hiring or employment decisions on the basis of race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law.
Something looks off?