Company hidden
5 days ago

Application Security Engineer (Web3)

Work format
remote (USA only)
Employment type
fulltime
Grade
lead
English
b2
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Application Security Engineer (Web3): Own end-to-end security reviews across smart contracts (Solidity), backend services (Go, TypeScript, Python), and frontend surfaces, with an emphasis on scaling security via AI-powered tools and bug bounty management. Focus on building agentic CI/CD pipelines, designing specialized AI code reviewers, triaging submissions, and embedding across engineering teams at all development stages.

Location: Remote (global workforce)

Company

Global blockchain payments company building and operating infrastructure to move money instantly and reliably at internet scale.

What you will do

  • Own end-to-end security reviews across smart contracts, backend services, and frontend, producing high-quality written findings.
  • Build and ship agentic security CI/CD pipelines that autonomously review PRs and release candidates.
  • Design and maintain AI-powered code reviewers tuned to specific vulnerabilities, Solidity-aware and protocol-aware.
  • Triage and manage the bug bounty program: reproduce findings, assign severity, and route issues to engineering.
  • Follow through on remediation, review fixes, and embed across engineering teams from sprint planning to post-launch.
  • Lead AI security practice by building and sharing custom prompt chains, workflows, and integrations.

Requirements

  • Full-stack security fluency across Solidity, Go, TypeScript, Python; drop into unfamiliar codebases quickly.
  • Smart contract security core competency: production auditing/building experience, EVM internals, DeFi patterns, exploit history.
  • Proven AI workflow depth: custom prompt chains, CI integrations for security tasks.
  • Experience making security decisions under time pressure in Web3 environments.
  • Public portfolio of security work: audit reports, bug bounty writeups, research, or tooling.
  • Experience with structured bug bounty programs: triage, communication, severity calibration.

Nice to have

  • Direct exposure to payments protocols, stablecoin infrastructure, or regulated fintech.
  • Prior work building security tooling with engineering adoption.

Culture & Benefits

  • Remote first global workforce.
  • Industry leading medical, dental, vision insurance (fully covered in certain countries).
  • Company matching 401k (US employees), home office setup allowance, AI allowance, internet reimbursement.
  • Flexible time off, company laptop, egg freezing, mental health, wellness benefits.
