Job Description

This position will join the DevSecOps team and will focus on security automation, on-chain observability, metrics, and automated security responses for our protocol and web applications. They may assist with additional security administration tasks as needed such as audit logging and monitoring for critical applications.

We are looking for someone who has hands-on development experience in the web3 space and is comfortable moving between Web2 and Web3 technologies.

Requirements

• Our tech stack

  • Infrastructure: Docker, AWS, Terraform, Ansible, Serverless
  • Protocol: Go (Cosmos SDK, go-ethereum, btcsuite, Tendermint Core, Ethermint)
  • Smart contracts: Solidity, Rust, Hardhat
  • Frontend: Typescript, Next.js, Redux toolkit, Ethers.js, tRPC, GraphQL

• Location

  • Remote

• Experience

  • 1+ years of blockchain/Web3 development experience
  • 2+ years of development and cyber security experience
  • Familiar with DevSecOps methodologies & best practices
  • Experience with cyber security or a strong desire to improve that part of your skill set
  • Must Have: Hands-on blockchain and/or web3 development experience
  • Experience with tools like OZ Defender & Forta is a big plus

• Responsibilities

  • Build & operate cross-chain monitoring solutions
  • Participate in code reviews & discussions
  • Verify and triage incoming bug bounty submissions
  • Create playbooks for common attack scenarios
  • Implement audit logging and alerting across critical apps
  • Integrate automated security scans and tools into the CI pipeline
  • Provide support and expertise to other teams as needed
  • Ensure all processes meet our security, performance, and reliability requirements
  • Participate in on-call rotation (Once every 3-4 weeks)

  6/12 Month Expectations For This Position

  6 Months

  • You’ve implemented a monitoring solution that watches our smart contracts across all our connected chains
  • You’ve implemented automated SAST tooling into the CI pipeline.
  • You’ve implemented automated fuzzing capabilities into the CI pipeline.
  • You’ve built some automated security testing of the protocol before each deployment
  • You have created playbooks for common attack scenarios

  12 Months

  • You’ve created an automated security testing process for the protocol before each release
  • You’ve built automated responses to common attacks
  • You are maintaining our automated responses to connected chains risks (i.e. When do we pause a chain)