Product Security Engineer

Apply

Join talent pool

5d ago

About Hashgraph:
Hashgraph is a fast-growing software company committed to supporting, developing and servicing Hedera, an open source, proof-of-stake platform. Hedera is EVM-compatible and has been specifically built to meet the needs of enterprise and Web3 applications, which require speed, security, stability and sustainability. Hedera’s public network is governed by industry-leading organizations, spanning 11 sectors and 14 regions who oversee the development and direction of the decentralized platform.

You may find yourself doing all of the following:

Conduct comprehensive product security assessments of blockchain-based systems, with a strong focus on Web3 security, smart contracts, and protocol-level risks

Design and write malicious smart contracts and adversarial test cases to exploit and identify vulnerabilities in Hedera Blockchain and EVM-compatible systems

Develop, implement, and continuously improve security strategies, architectures, and best practices for Hedera blockchain protocols, smart contracts, bridges, and associated services

Partner closely with engineering teams to embed security into design, development, and deployment workflows

Design and execute penetration testing, threat modeling, and vulnerability assessments across blockchain networks, nodes, APIs, and supporting infrastructure

Identify, track, and stay ahead of emerging blockchain and Web3 threats, exploits, and attack patterns; provide actionable mitigation guidance

Build and contribute to security tooling, frameworks, and automation tailored for blockchain environments, including CI/CD integrations

Leverage AI/LLMs and automation to enhance product security reviews, vulnerability discovery, threat modeling, and security testing workflows

Assist in incident response and post-incident analysis related to blockchain security events, including root cause analysis and remediation guidance

Educate engineers and internal stakeholders on blockchain security principles, secure coding practices, and real-world attack scenarios

Participate in and contribute to security awareness and secure development training programs across the organization

Qualification Requirements:

Must be available to work within the EU time zones

Bachelor’s or Master’s degree in Computer Science, Information Security, Cryptography, Blockchain, or a related field (or equivalent practical experience)

8+ years of experience in product security, application security, or penetration testing, including 2+ years focused on blockchain security, smart contract auditing, or Web3 security

Solid understanding of EVM internals, smart contract execution, and common Web3 architectures; knowledge of Hedera Blockchain is a strong plus

Deep knowledge of Web3 technologies and protocols, such as Ethereum, gossip-based networks, IPFS, and related decentralized systems

Proven experience with blockchain-specific security assessment tools, methodologies, and manual testing techniques

Strong understanding of blockchain attack vectors and vulnerability classes, including gas fees, authorization control flaws, fungible and non-fungible tokens issues, and bridge exploits

Working knowledge of cryptographic principles and protocols relevant to blockchain systems (hashing, signatures, key management, consensus assumptions)

Hands-on experience with static analysis, dynamic analysis, fuzzing, and custom security testing tools

Strong understanding of secure coding practices, particularly in Java and Rust

Excellent analytical, problem-solving, and communication skills, with the ability to collaborate effectively across engineering and product teams

Programming experience and understanding code in any language.

Other skills that are great to bring with you but that we can help you develop:

Industry-recognized security certifications such as OSCP, OSEP, OSWA, OSWE; blockchain security certifications are a plus

Experience in bug bounty programs, security research, CVE publications, red teaming, or attack surface management

Red Team experience, ideally in web3

Experience securing or operating systems in cloud environments (AWS, GCP, Azure), including IAM and key management

Proficiency in scripting and general-purpose programming languages such as Python, Bash, or PowerShell for tooling and automation

Experience with containerization and orchestration technologies (Docker, Kubernetes) and their associated security best practices

Familiarity with DevSecOps pipelines, CI/CD security controls, and infrastructure-as-code security

Coding experience in Java, Rust, and/or Python

AI tool building

:

Hashgraph

Location: Remote from within Europe

Join talent pool

Benefits: Equity Compensation, Home Office Budget, Learning Budget, Pto, Pay In Crypto, Unlimited Vacation

Receive similar jobs:

email-suggestions#handleInput click@window->email-suggestions#clickOutside" type="email" value="" name="user[email]">

engineer security remote aws blockchain docker ethereum java kubernetes rust

Remote

Remote Web3 Security Expert Jobs

Job Position and Company Location Tags Posted Apply

Senior Blockchain Security Engineer

zeroShadow

<a href="/remote-jobs"