Skip to main content
NEUN
Back to Careers

Paxos Labs

Lead Security Engineer

NEW
New York CityFull-timeGlobal
šŸ“Š SenioršŸ  On-site
ActivePosted within the last 30 days

Job Description

[AI-summarized by JobStash]

You will play a central role in elevating security across cloud infrastructure, operations, and smart contracts at a company building onchain financial products. You will conduct internal audits of cloud platforms, create threat models, and collaborate with infrastructure engineers to detect and prevent exploits. You will develop tooling and standard operating procedures for incident response, run periodic training simulating hacks and social engineering attacks, and work with technical and non-technical staff to secure human attack vectors. You will also partner with the smart contract team to audit and secure protocols, building full stack tools to detect malicious transactions, automate pauses across chains, define and monitor invariants, and integrate third party security software.

Requirements

  • ā—Deep knowledge of cloud infrastructure and web2 security practices
  • ā—Deep knowledge of cybersecurity standards and social engineering defenses
  • ā—Experience building full stack applications
  • ā—Deep knowledge of EVM security tooling, testing, and best practices
  • ā—Deep knowledge of common hacks and exploits in DeFi protocols
  • ā—Deep knowledge of financial attack vectors in DeFi protocols
  • ā—Experience with CTFs, bugbounties, whitehat activities

Responsibilities

  • ā—Conduct internal audits of cloud platform security (Azure, AWS)
  • ā—Implement best practices around key management, network security, and monitoring
  • ā—Create threat models for first party and third party software
  • ā—Research possible vulnerabilities and patch them
  • ā—Collaborate with infrastructure engineers to detect, fix, and prevent exploits by creating reusable tools and processes
  • ā—Develop tooling and SOPs such as incident response manuals
  • ā—Conduct periodic incident response training simulating hacks, alerts, and social engineering vectors
  • ā—Collaborate with technical and non-technical staff to secure non-code related attack vectors
  • ā—Collaborate with the Smart Contract team to conduct internal audits and set up secure operational practices
  • ā—Build and deploy full stack tools for mitigating exploits and financial risks
  • ā—Detect malicious transactions in the mempool and automate pauses across smart contracts deployed on multiple chains
  • ā—Define invariants and detect violations in realtime
  • ā—Integrate third party security software where necessary

Tech Stack

AWSAzurebug bountycloud securityCTFCVEDeFiEVMexploit detectionincident response
Expired
Search