Senior Product Security Engineer

About Swirlds Labs:

We are a fast-growing company built around a revolutionary technology — the hashgraph consensus algorithm. Hedera Hashgraph is well-suited to become the world’s first mass-adopted distributed public ledger because it is blazing fast, highly secure, and ensures fairness. We are on a mission to create a trusted and empowered digital future for everyone; a cyberspace where you work, play, buy, sell, create, and engage socially; where you have safety and privacy in your digital communities; where you feel confident when interacting with others; where you own and control your information. Join us and say, “Hello future.”

You may find yourself doing all of the following:

• Conducting comprehensive security assessments of blockchain-based systems, focusing on web3 security and smart contract security
• Writing malicious smart contracts to exploit and identify vulnerabilities in the Hedera blockchain
• Developing and implementing security strategies and best practices for the Hedera blockchain protocols
• Collaborating with development teams to integrate security measures into the design and implementation of blockchain solutions
• Designing and executing penetration testing and vulnerability assessments on blockchain networks and associated components
• Staying updated on emerging threats and vulnerabilities in the blockchain space and providing guidance on mitigation strategies
• Educating internal stakeholders on blockchain security best practices and principles
• Contributing to the development of security tools and frameworks tailored for blockchain environments
• Assisting in incident response activities related to blockchain security incidents
• Participating in security awareness training programs for internal stakeholders

Qualification Requirements:

• Bachelor's or Master's degree in Computer Science, Information Security, Blockchain, Cryptography, or related field (or equivalent experience)
• 8+ years of experience in product security, application security, or penetration testing
• of which 2+ years of experience in blockchain security, smart contract auditing, or related roles
• Proficiency in smart contract languages such as Solidity or Rust and familiarity with blockchain platforms like Ethereum; knowledge of the Hedera Blockchain is a plus
• Strong understanding of web3 technologies and protocols (e.g., Gossip, Ethereum, IPFS, Whisper)
• Experience with security assessment tools and methodologies specific to blockchain environments
• Familiarity with common blockchain security vulnerabilities and attack vectors
• Knowledge of cryptographic principles and protocols relevant to blockchain security
• Excellent problem-solving skills and ability to analyze complex systems
• Effective communication skills and ability to work collaboratively with cross-functional teams
• Hands-on experience with security testing tools such as static analysis, dynamic analysis, and fuzzing tools

Other skills that are great to bring with you but that we can help you develop:

• Relevant certifications (e.g., OSCP, OSEP, OSWA, OSWE); relevant certifications in blockchain security or related areas (e.g., Certified Blockchain Security Professional) are a plus
• Experience in Bug bounty, Security Research, CVE publications, Red teaming, and attack surface management
• Experience with cloud environments (e.g., GCP, AWS)
• Understanding of common programming languages and scripting languages, such as Python, PowerShell, or Bash 
• Experience with containerization and orchestration technologies, such as Docker and Kubernetes, and their associated security best practices