About Hashgraph:
Hashgraph is a fast-growing software company committed to supporting, developing and servicing Hedera, an open source, proof-of-stake platform. Hedera is EVM-compatible and has been specifically built to meet the needs of enterprise and Web3 applications, which require speed, security, stability and sustainability. Hedera’s public network is governed by industry-leading organizations spanning 11 sectors and 14 regions, which oversee the development and direction of the decentralized platform.
You may find yourself doing all of the following:
- Conducting comprehensive security assessments of blockchain-based systems, focusing on web3 security and smart contract security
- Writing malicious smart contracts to exploit and identify vulnerabilities in the Hedera blockchain
- Developing and implementing security strategies and best practices for the Hedera blockchain protocols
- Collaborating with development teams to integrate security measures into the design and implementation of blockchain solutions
- Designing and executing penetration testing and vulnerability assessments on blockchain networks and associated components
- Staying updated on emerging threats and vulnerabilities in the blockchain space and providing guidance on mitigation strategies
- Educating internal stakeholders on blockchain security best practices and principles
- Contributing to the development of security tools and frameworks tailored for blockchain environments
- Assisting in incident response activities related to blockchain security incidents
- Participating in security awareness training programs for internal stakeholders
Qualification Requirements:
- Bachelor's or Master's degree in Computer Science, Information Security, Blockchain, Cryptography, or related field (or equivalent experience)
- 8+ years of experience in product security, application security, or penetration testing, of which 2+ years of experience in blockchain security, smart contract auditing, or related roles
- Proficiency in smart contract languages such as Solidity or Rust and familiarity with blockchain platforms like Ethereum; knowledge of the Hedera Blockchain is a plus
- Strong understanding of web3 technologies and protocols (e.g., Gossip, Ethereum, IPFS, Whisper)
- Experience with security assessment tools and methodologies specific to blockchain environments
- Familiarity with common blockchain security vulnerabilities and attack vectors
- Knowledge of cryptographic principles and protocols relevant to blockchain security
- Excellent problem-solving skills and ability to analyze complex systems
- Effective communication skills and ability to work collaboratively with cross-functional teams
- Hands-on experience with security testing tools such as static analysis, dynamic analysis, and fuzzing tools
- OSWA and/or CISSP certifications are mandatory
Other skills that are great to bring with you but that we can help you develop:
- Relevant certifications (e.g., OSCP, OSEP, OSWE); relevant certifications in blockchain security or related areas (e.g., Certified Blockchain Security Professional) are a plus
- Experience in Bug bounty, Security Research, CVE publications, Red teaming, and attack surface management
- Experience with cloud environments (e.g., GCP, AWS)
- Understanding of common programming languages and scripting languages, such as Python, PowerShell, or Bash
- Experience with containerization and orchestration technologies, such as Docker and Kubernetes, and their associated security best practices