Osmosis Labs is hiring a
Protocol Security Engineer in Worldwide

Summary

The job is for a Security Engineer at Osmosis, a decentralized exchange focusing on the Cosmos community. The role involves safeguarding systems, protocols, and smart contracts against security threats and vulnerabilities throughout the development lifecycle. Responsibilities include integrating security best practices, assessing and implementing security controls, conducting audits, staying updated on Web3 security threats, and participating in a global on-call rotation.

Requirements

• Proven experience in security engineering with a focus on Web3 technologies - 3+ years
• In-depth understanding of blockchain security principles and cryptography (e.g., hash functions, digital signatures) - 3+ years
• Solid knowledge of smart contract vulnerabilities and exploitation techniques, ideally relevant to Cosmos (e.g., reentrancy, integer overflows, access control issues within Tendermint/Cosmos SDK) - 2+ years
• Experience with security testing tools and methodologies for Cosmos applications (e.g., static analysis tools like Mythril, dynamic analysis tools) - 2+ years
• Proficiency in programming languages commonly used in Cosmos development (e.g., Go for Chain, Rust for Smart Contracts) - 2+ years
• Understanding of secure coding practices for Cosmos smart contracts and modules (e.g., secure coding for IBC applications) - 2+ years
• Knowledge of bridge vulnerabilities and exploitation techniques for cross chain transfers - 1+ years

Responsibilities

• Collaborate with the development team to integrate security best practices and security as code into the entire development lifecycle
• Assess existing security and implement security controls and measures to mitigate vulnerabilities in our software stack
• Strengthen security incident response protocols and lead security incident investigations when necessary
• Conduct thorough internal and external security audits of our smart contracts, protocols, and systems to identify and mitigate potential security risks and vulnerabilities
• Work closely with external auditors and security experts to ensure compliance with industry standards and best practices
• Proactively develop and implement detection-as-code to identify anomalous behaviors and attacks across the environment
• Audit and address architectural flaws within the Cosmos & Osmosis stack to enhance overall system security and resilience
• Investigate vulnerability reports related to Osmosis products and systems
• Stay up-to-date on the latest Web3 security threats and trends, and proactively propose solutions to mitigate them
• Participate in a global on call rotation to help respond to security alerts and incident escalations