Web3 Security Triager (AuditAgent & AgentArena)

What we’re building

Nethermind is building an AI-driven security product line that helps protocols and developers find vulnerabilities earlier, cheaper, and faster:

AuditAgent: AI-assisted smart contract vulnerability detection and insight generation for pre-audits and security workflows.

AgentArena: a platform where multiple independent audit agents run in parallel, with an arbiter/triage layer to deduplicate findings and score severity fairly.

This role is critical to our quality layer: you will validate AI-generated findings, filter out false positives, and ensure customers receive high-signal, actionable security insights.

What we need

A hands-on Web3 Security Triager who can evaluate smart contract vulnerabilities found by AI systems, participate in public audit competitions, and help improve our detection quality over time.

You’ll work closely with:

Product and engineering teams building AuditAgent and AgentArena

Security researchers and auditors at Nethermind Security

External protocols and audit competition platforms (Code4rena, Sherlock, Cantina, etc.)

Role & Responsibilities

1. Triage AI-generated findings (AgentArena)

Review and validate vulnerability reports generated by AI agents

Filter false positives to ensure customers receive only high-quality, actionable findings

Classify severity and provide clear reasoning for each decision

Maintain fast turnaround without sacrificing accuracy

2. Run AuditAgent in public audit competitions

Execute AuditAgent on live contests (Code4rena, Sherlock, Cantina, and similar platforms)

Triage the output: validate real bugs, discard noise

Write Proof of Concept (PoC) code for valid findings using AI coding tools

Submit validated findings and track results to measure tool performance

3. Improve detection quality through feedback

Share insights with the product and engineering team on common false positive patterns

Propose new triage strategies, automation ideas, and process improvements

Help build internal benchmarks and quality metrics based on real-world results

4. Document and communicate results (nice to have)

Write internal reports summarizing competition outcomes and tool performance

Contribute to public content (blog posts, case studies) showcasing AuditAgent/AgentArena capabilities

Requirements

Solid understanding of Web3 security: common vulnerability classes in smart contracts (reentrancy, access control, oracle manipulation, etc.)

Proficiency in Solidity: ability to read, understand, and reason about contract logic and potential exploits

Proficiency with AI coding tools: hands-on experience with tools like Cursor, Claude Code, or similar — you should already be using AI to accelerate your workflow

Ability to write PoC exploits: demonstrate valid bugs with working proof-of-concept code (using AI assistance is expected and encouraged)

Strong attention to detail: triage requires careful analysis and clear severity reasoning

Proactive and creative mindset: you’ll be expected to suggest improvements, not just execute tasks

Nice to have

Experience with Solana / Rust smart contract security

Prior participation in audit competitions (Code4rena, Sherlock, Immunefi, etc.)

Background in security research or junior auditing roles

Writing skills: ability to clearly document findings or write public-facing content

Familiarity with common security tools (Slither, Foundry, etc.)

Working model

Remote-first, globally distributed team.