Paxos Labs
Lead Security Engineer
NEWJob Description
[AI-summarized by JobStash]
You will play a central role in elevating security across cloud infrastructure, operations, and smart contracts at a company building onchain financial products. You will conduct internal audits of cloud platforms, create threat models, and collaborate with infrastructure engineers to detect and prevent exploits. You will develop tooling and standard operating procedures for incident response, run periodic training simulating hacks and social engineering attacks, and work with technical and non-technical staff to secure human attack vectors. You will also partner with the smart contract team to audit and secure protocols, building full stack tools to detect malicious transactions, automate pauses across chains, define and monitor invariants, and integrate third party security software.
Requirements
- āDeep knowledge of cloud infrastructure and web2 security practices
- āDeep knowledge of cybersecurity standards and social engineering defenses
- āExperience building full stack applications
- āDeep knowledge of EVM security tooling, testing, and best practices
- āDeep knowledge of common hacks and exploits in DeFi protocols
- āDeep knowledge of financial attack vectors in DeFi protocols
- āExperience with CTFs, bugbounties, whitehat activities
Responsibilities
- āConduct internal audits of cloud platform security (Azure, AWS)
- āImplement best practices around key management, network security, and monitoring
- āCreate threat models for first party and third party software
- āResearch possible vulnerabilities and patch them
- āCollaborate with infrastructure engineers to detect, fix, and prevent exploits by creating reusable tools and processes
- āDevelop tooling and SOPs such as incident response manuals
- āConduct periodic incident response training simulating hacks, alerts, and social engineering vectors
- āCollaborate with technical and non-technical staff to secure non-code related attack vectors
- āCollaborate with the Smart Contract team to conduct internal audits and set up secure operational practices
- āBuild and deploy full stack tools for mitigating exploits and financial risks
- āDetect malicious transactions in the mempool and automate pauses across smart contracts deployed on multiple chains
- āDefine invariants and detect violations in realtime
- āIntegrate third party security software where necessary