Senior Information Security Engineer- Application Security Focus

Hexens.io is looking for a Senior Information Security Engineer  with a strong focus on application security to join our team. At Hexens.io, we deliver cutting-edge cybersecurity services with a core emphasis on blockchain technology. We address complex security challenges, protecting applications and infrastructures that handle multimillion-dollar digital assets.

Remote Availability: Work from anywhere! This is a fully remote role with no location restrictions.

Responsibilities:

• Alongside our off-chain security lead, plan and deliver advanced application security assessments against API services, application front-ends, wallet software, browser plugins, mobile apps, and SDKs.
• Collaborate with leading smart contract auditors and cryptography researchers, leveraging your application security expertise to assess attack surfaces outside their on-chain specializations.
• Work to identify technical vulnerabilities, architectural flaws, and ways to mitigate future risk in the crucial junctions between off-chain and on-chain systems.
• Interact with developers and key stakeholders when identifying and handling security issues.
• Deliver clear and concise reporting on issues and attack paths identified.

Required skillset:

• At least 5 years experience, or equivalent technical expertise, delivering offensive security services, with a primary focus on application security.
• Expert-level web application and API security experience, with proficiency assessing apps with modern web frameworks, and identifying advanced client-side, back-end, and business logic attacks.
• Experience assessing mobile applications (Android/iOS), browser extensions, and desktop applications.
• Practical experience finding complex vulnerabilities and attack paths in Golang, Rust, TS/JS, Python, Java, or C-based codebases during white/grey-box appsec assessments.
• Working knowledge of cloud, CI/CD, container, CDN, and network security concepts, and how they apply to application security.
• Knowledge or willingness to learn web3 security concepts and how they apply to web3-centric applications.
• Decent scripting and automation skills.
• Assisting with scoping requirements for application security work.
• Strong client-facing and soft skills.

Big plus if any of the following apply:

• Significant web2 bug bounty/vulnerability disclosure history.
• Prior experience as a smart contract auditor or onchain-focused security researcher.
• Prior experience developing or integrating DeFi protocols, smart contracts, wallet services, or other web3 services.

• Advanced relevant security certifications (OSWE, Burp Suite Certified Professional, etc.)

Benefits:

• Work alongside industry-leading specialists
• Opportunity to work with the most exciting and prominent companies in the industry
• Highly competitive salary
• Great work environment