Swirlds Inc is hiring a
Product Security Engineer

Summary

Join our team at Hashgraph to support the development and servicing of Hedera, an open source, proof-of-stake platform. As a Security Engineer, you will conduct security reviews, collaborate with cross-functional teams, develop security testing methodologies, and provide guidance on secure coding practices.

Requirements

• Minimum 6 years of experience in application or product security, including 2-3 years of experience in software development or related field
• Familiarity with common security vulnerabilities and attack vectors
• Hands-on experience with security testing tools such as static analysis, dynamic analysis, and fuzzing tools
• Strong understanding of secure coding practices and principles (mainly Java and Solidity)
• OSWA and/or CISSP certifications are mandatory - web3 experience can be considered as an alternative if these certifications haven't been obtained

Responsibilities

• Conduct thorough security reviews of the company's products throughout the development lifecycle
• Collaborate with cross-functional teams to identify security vulnerabilities and recommend mitigation strategies
• Develop and maintain security testing methodologies and procedures
• Implement and manage automated security testing tools and processes
• Provide guidance and support to development teams on secure coding practices and security best practices
• Stay current with industry trends and emerging threats to inform and enhance product security measures
• Assist in incident response activities related to product security incidents
• Participate in security awareness training programs for internal stakeholders

Preferred Qualifications

• Relevant certifications (e.g., OSCP, OSEP, OSWE)
• Experience in Bug bounty, Security Research, CVE publications, Red teaming, and attack surface management
• Experience with cloud environments (e.g., GCP, AWS)
• Understanding of common programming languages and scripting languages, such as Python, PowerShell, or Bash
• Experience with containerization and orchestration technologies, such as Docker and Kubernetes, and their associated security best practices
• Knowledge about web3 / Blockchain / Crypto