Swirlds Inc is hiring a
Senior Product Security Engineer

Summary

Join a fast-growing software company committed to supporting, developing, and servicing Hedera, an open source, proof-of-stake platform. As a Security Engineer, you will conduct comprehensive security assessments of blockchain-based systems, write malicious smart contracts, develop security strategies, and collaborate with development teams.

Requirements

• Bachelor's or Master's degree in Computer Science, Information Security, Blockchain, Cryptography, or related field (or equivalent experience)
• 8+ years of experience in product security, application security, or penetration testing
• 2+ years of experience in blockchain security, smart contract auditing, or related roles
• Proficiency in smart contract languages such as Solidity or Rust and familiarity with blockchain platforms like Ethereum; knowledge of the Hedera Blockchain is a plus
• Strong understanding of web3 technologies and protocols (e.g., Gossip, Ethereum, IPFS, Whisper)
• Experience with security assessment tools and methodologies specific to blockchain environments
• Familiarity with common blockchain security vulnerabilities and attack vectors
• Knowledge of cryptographic principles and protocols relevant to blockchain security
• Excellent problem-solving skills and ability to analyze complex systems
• Effective communication skills and ability to work collaboratively with cross-functional teams
• Hands-on experience with security testing tools such as static analysis, dynamic analysis, and fuzzing tools
• OSWA and/or CISSP certifications are mandatory

Responsibilities

• Conducting comprehensive security assessments of blockchain-based systems, focusing on web3 security and smart contract security
• Writing malicious smart contracts to exploit and identify vulnerabilities in the Hedera blockchain
• Developing and implementing security strategies and best practices for the Hedera blockchain protocols
• Collaborating with development teams to integrate security measures into the design and implementation of blockchain solutions
• Designing and executing penetration testing and vulnerability assessments on blockchain networks and associated components
• Staying updated on emerging threats and vulnerabilities in the blockchain space and providing guidance on mitigation strategies
• Educating internal stakeholders on blockchain security best practices and principles
• Contributing to the development of security tools and frameworks tailored for blockchain environments
• Assisting in incident response activities related to blockchain security incidents
• Participating in security awareness training programs for internal stakeholders

Preferred Qualifications

• Relevant certifications (e.g., OSCP, OSEP, OSWE); relevant certifications in blockchain security or related areas (e.g., Certified Blockchain Security Professional) are a plus
• Experience in Bug bounty, Security Research, CVE publications, Red teaming, and attack surface management
• Experience with cloud environments (e.g., GCP, AWS)
• Understanding of common programming languages and scripting languages, such as Python, PowerShell, or Bash
• Experience with containerization and orchestration technologies, such as Docker and Kubernetes, and their associated security best practices