Security Engineering Lead

Responsibilities

  • Lead security audits of (a subset of) the Espresso codebase
  • As a project leader, you will have mobility in how you choose to organize security and audit efforts
  • Dive into the code of a fairly complex distributed system, learning and developing an understanding of the system on the fly (with help from the engineering team that built it, of course)
  • Coordinate with several engineering teams to aid in your audit, raise concerns and communicate results, and guide the effort to harden the system based on your findings
  • Coordinate with, manage, and review the work of external security auditing teams, in certain cases
  • Suggest improvements to testing and engineering practices to promote more secure and maintainable code

Requirements

  • Solid grasp of software engineering principles, both low-level (e.g. language-specific best practices) and high-level (e.g. reliable software architecture, particularly in distributed systems)
  • If focused on Rust: ≥ 1 year of experience writing Rust, particularly with async Rust
  • If focused on Solidity: Multiple years of experience writing smart contracts; experience with smart contract security audits or formal verification of smart contracts
  • Experience as an engineer or software architect in a security-critical industry
  • Be capable of describing the stakes, the challenges you’ve faced in building secure software, and the steps/processes you’ve taken to mitigate risk
  • Experience as an auditor, pentester, QA tester, etc.
  • Have a well thought-out approach to testing software and designing it to be testable/auditable
  • Ability to think adversarially, and identify potential reliability or security vulnerabilities even in software that is correct in common or “happy path” scenarios
  • Experience in the design and/or testing of distributed systems
  • Comfort diving into unknowns and asking questions

Preferred

  • Knowledge of relevant testing and static analysis tools (e.g. Foundry, Slither) is a plus
  • Blockchain knowledge/experience is preferred, but could also include IoT, automotive, finance, etc.
  • Ideally, the candidate should have a general philosophy of software design that has been molded by experience working on security-critical systems

Benefits

  • Fully remote with flexible hours
  • Work alongside the brightest minds in the crypto space
  • Competitive salary + equity package
  • Regular team off-sites to international locations
  • Unlimited vacation policy
  • Top-tier health, dental, and vision coverage for US employees

Originally posted on Himalayas
