Remote Application Security Engineer - Zetachain
Blockchain Works, San Francisco, CA, United States
About ZetaChain
ZetaChain aims to be the only blockchain you’ll ever need. It is a layer 1 blockchain and developer platform that connects any L1 and L2, from Ethereum to Bitcoin and beyond. Access all of crypto in one place, as a developer or user.
ZetaChain prides itself on its vibrant and active community, a testament to our growing impact and relevance in the blockchain space:
- Thriving Ecosystem: Over 150+ dApps developed, showcasing diverse innovation and utilization.
- Engagement: With over 800K+ followers on Twitter and an equally active Discord community of 800K+ members, ZetaChain fosters a dynamic environment for engagement, and collaboration.
- Activity: Our testnet has seen over 35K+ smart contracts deployed and processed over 25M+ transactions.
Job Description
At ZetaChain, we are seeking a dedicated Protocol Security Engineer to play a pivotal role in fortifying the security of our cutting-edge protocol. You will be deeply involved in the development process, ensuring that the code written is both efficient and secure. Your expertise in DeFi risks, ranging from smart contract vulnerabilities to oracle attacks, will be invaluable in guiding the team. As the blockchain landscape is ever-evolving, staying ahead of the latest security threats and mitigation techniques will be crucial. Your knowledge, especially with the Cosmos SDK, will be instrumental in setting best practices for blockchain security.
Your responsibilities will also encompass reviewing EVM contracts written in Solidity, identifying potential security pitfalls. As a mentor, you'll be expected to elevate the team's security awareness and practices. As the primary point of contact for security assessments, your leadership will be essential in research initiatives aimed at improving ZetaChain's security stance. Furthermore, you will be at the forefront of testing and addressing vulnerabilities highlighted by our bug bounty program, and leading the development of threat models and risk assessments for the protocol.
Responsibilities
- Actively contribute to the development of the ZetaChain protocol, writing secure and efficient code.
- Provide expertise on DeFi risks, including smart contract vulnerabilities, oracle attacks, and other DeFi-specific threats.
- Stay updated with the latest security threats, vulnerabilities, and mitigation techniques in the blockchain space.
- Provide guidance on best practices for blockchain security, especially within the context of Cosmos SDK.
- Review and analyze EVM contracts written in Solidity for potential security risks.
- Train and mentor team members on security awareness and practices.
- Primary Point of Contact for security assessments and vulnerability assessments of the protocol.
- Lead the research initiatives to enhance the security posture of ZetaChain's protocol.
- Test and triage vulnerabilities reported by our bug bounty program.
- Develop threat models and risk assessments for the protocol.
Who Would Be a Good Fit for This Role?
A candidate who embodies a blend of technical prowess in blockchain development and a keen understanding of security would be ideal for this role. Specifically:
Auditor Background:
- Those who have previously served as blockchain security auditors, understanding the intricacies of blockchain vulnerabilities and potential threats.
- Individuals with hands-on experience as software engineers, especially in blockchain development, bringing a balance of development and security expertise.
DeFi Security Background:
- Professionals who have been immersed in the DeFi sector, understanding its unique challenges and security considerations.
- Developers who have actively contributed to DeFi projects, showcasing their ability to write secure and efficient code while understanding the broader DeFi ecosystem.
Blockchain Security Research Background:
- Individuals with a background in cybersecurity research, especially within the blockchain domain. Their ability to stay ahead of emerging threats and vulnerabilities would be invaluable.
- Those who have a track record of collaborating with external security researchers and white-hat hackers, leveraging the broader community's expertise to enhance ZetaChain's security posture.
Requirements
- Our tech stack:
- Protocol: Go (Cosmos SDK, go-ethereum, btcsuite, Tendermint Core, Ethermint)
- Smart contracts: Solidity
- Location: Remote or San Francisco
- Experience: 2+ years of blockchain development experience, 2+ years of blockchain security experience.
- Must Have: Hands-on blockchain development experience.
- Additional Responsibilities: Ensure all code meets our security, performance, and reliability requirements. Participate in on-call rotation (Once every 4-5 weeks).