Security Engineer

Summary

Join Mantle Network, a leading Ethereum layer 2 ecosystem, as a Security Engineer. You will be responsible for identifying and mitigating security risks throughout the software development lifecycle. This includes code auditing, pre-launch testing, post-launch monitoring, vulnerability management, and incident response. You will also provide security training to developers and collaborate with business units to ensure security best practices are followed. The ideal candidate possesses extensive experience in penetration testing, code auditing, and security incident response, along with a strong understanding of blockchain technology. We encourage applications from individuals who may not meet all criteria but possess valuable experience.

Requirements

• Bachelor's degree or higher
• 5+ years of experience in penetration testing and code auditing
• Proficiency in at least one programming language (Nodejs, Golang, etc.)
• Mastery of security incident response techniques and processes
• Familiarity with penetration testing and APT attack and defense techniques, including internal network penetration (including various types of lateral privilege escalation, anti-killing techniques, tunnel penetration techniques, etc.)
• Familiarity with secure design for common internet business scenarios and data security best practices
• Familiarity with common encryption and signature algorithms, TLS, OAuth, JWT, and related technologies
• Familiarity with common public chains (BTC/ETH, etc.) and the basic working principles of digital currency wallets
• Proactive thinking and strong learning ability

Responsibilities

• Identify and assess security risks during the development process
• Conduct code audits and pre-launch testing
• Monitor for risks after launch
• Handle security vulnerabilities and alerts
• Assist business units in fixing vulnerabilities
• Provide security training to developers
• Offer effective solutions for security issues in code
• Respond to security incidents and resolve issues promptly
• Continuously track, analyze, and mine relevant industry intelligence for risk warnings
• Regularly coordinate with business units, sharing the latest security status, requirements, and standards, and working together on implementation

Preferred Qualifications

• Experience with threat modeling, SDL/DevSecOps practices
• Experience with APT attribution
• Experience in developing security tools and platforms
• Experience in developing and responding to contingency plans, and experience in continuously tracking and operating relevant industry intelligence