Duties and Responsibilities:
- Conduct in-depth security audits of smart contracts, Layer 1/Layer 2 protocols, and decentralized applications.
- Identify vulnerabilities such as reentrancy, overflow/underflow, front-running, and access control flaws in smart contracts.
- Perform both manual code reviews and automated vulnerability scans using industry-standard tools.
- Simulate attack vectors, threat models, and adversarial behaviors to assess protocol resilience.
- Collaborate with engineering teams to implement security best practices from the design phase through deployment.
- Write detailed audit reports outlining identified risks, severity levels, and mitigation recommendations.
- Stay informed on the latest exploits, security research, and cryptographic advancements in the Web3 space.
- Contribute to internal security frameworks, guidelines, and tooling to standardize audit processes.
- Participate in bug bounty triaging and responsible disclosure processes when working with third-party ecosystems.
Requirements and Qualifications:
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related technical field.
- Proven experience auditing smart contracts (e.g., Solidity, Vyper) and decentralized protocols.
- Strong grasp of blockchain architecture, consensus mechanisms, and smart contract execution environments (e.g., EVM).
- Proficiency in auditing tools like Slither, MythX, Echidna, Foundry, or custom fuzzers.
- Deep understanding of common Web3 attack vectors, cryptographic primitives, and permission models.
- Ability to analyze gas optimizations and identify logic errors beyond surface-level vulnerabilities.
- Clear and concise writing skills for producing audit documentation and communicating findings.
- Familiarity with on-chain monitoring tools, formal verification, and secure development lifecycles is a plus.