Product Security Engineer
ZetaChain aims to be the only blockchain you’ll ever need. It is a layer 1 blockchain and developer platform that connects any L1 and L2, from Ethereum to Bitcoin and beyond. Access all of crypto in one place, as a developer or user.
ZetaChain prides itself on its vibrant and active community, a testament to our growing impact and relevance in the blockchain space:
- Thriving Ecosystem: Over 150+ dApps developed, showcasing diverse innovation and utilization.
- Engagement: With over 800K+ followers on Twitter and an equally active Discord community of 800K+ members, ZetaChain fosters a dynamic environment for engagement, and collaboration.
- Activity: Our testnet has seen over 35K+ smart contracts deployed and processed over 25M+ transactions.
- Well Funded: Raised over $27M!
Find out more about our ecosystem.
Find out more about our hiring culture: Dream Team Culture .
At ZetaChain, we are seeking a dedicated Product Security Engineer to play a pivotal role in fortifying the security of our cutting-edge protocol. As our first full-time Product Security Engineer, you will play a critical role in ensuring the security of our blockchain protocol and associated products. You will work closely with our development teams to design, implement, and maintain security measures that protect our applications against sophisticated threats.
Why You Want To Work Here
ZetaChain is a trailblazer in Layer 1 blockchain technology, establishing a secure, scalable, and interoperable multi-chain ecosystem. A few other benefits include:
- Collaborative Environment: Work alongside a team of dedicated professionals, each bringing unique expertise to the table.
- Remote Flexibility: Enjoy the freedom and flexibility of a remote work environment, ensuring a work-life balance. Plus, visits to our San Francisco HQ and crypto events worldwide!
- Cutting-Edge Technology: Dive deep into the latest advancements in blockchain technology with ZetaChain’s innovative protocol.
- High End Workstations: Get the latest tech for your home office and a cutting edge laptop
- Impactful Role: Play a pivotal role in shaping the security and efficiency of a leading blockchain protocol.
- Continuous Learning: Stay updated with the rapidly evolving blockchain landscape, ensuring you’re always at the forefront of the industry.
- Community Engagement: Collaborate with external security researchers and white-hat hackers, tapping into the broader community’s expertise.
- Exceptional Healthcare: Enjoy access to a premium healthcare plan that covers a wide range of medical, dental, and vision services, ensuring you and your family’s health and well-being.
- Secure Development Lifecycle Management: Construct and oversee a robust secure development lifecycle, encompassing developer security training, integration of static/dynamic analysis tools, third-party testing, and security checks within CI/CD pipelines.
- Security Assessments: Conduct comprehensive security assessments, code audits, and design reviews to identify vulnerabilities and risks in our blockchain protocol and other ZetaChain products.
- Threat Modeling: Develop comprehensive threat models and conduct risk assessments for new and existing applications, ensuring thorough security coverage.
- Dependency Security: Vigilantly manage and secure the software supply chain, including the evaluation and monitoring of third-party libraries and dependencies to prevent vulnerabilities impacting production applications.
- Security Tooling Development: Design and code new security tools and integrations to enhance our security framework, requiring hands-on coding experience and a proactive approach to security challenges.
- Bug Bounty and Audit Management: Administer our bug bounty initiatives and cultivate relationships with external auditors to enhance our security posture.
- Security Intelligence: Maintain an up-to-date understanding of the latest security threats, vulnerabilities, and countermeasures in the blockchain domain.
- Vendor Collaboration: Identify and liaise with third-party security vendors to augment our security capabilities when necessary.
- Blockchain Security Expertise: Offer insights on blockchain security, with a keen eye on smart contract vulnerabilities, oracle attacks, and other DeFi-specific threats.
Who Would Be a Good Fit for This Role?
A candidate with a keen understanding of cyber security, secure development lifecycle, and blockchain would be ideal for this role. Specifically:
- Auditor Background:
- Those who have previously served as blockchain security auditors, understanding the intricacies of blockchain vulnerabilities and potential threats.
- Security professionals who have contributed to the development or auditing of decentralized applications (DApps) and can bring insights from both security and developer perspectives to the role.
- DeFi Security Background:
- Professionals who have been immersed in the DeFi sector, understanding its unique challenges and security considerations.
- Security professionals who have actively contributed to DeFi projects, showcasing their ability to write secure and efficient code while understanding the broader DeFi ecosystem.
- Blockchain Security Research Background:
- Individuals with a background in cybersecurity research, especially within the blockchain domain. Their ability to stay ahead of emerging threats and vulnerabilities would be invaluable.
- Those who have a track record of collaborating with external security researchers and white-hat hackers, leveraging the broader community’s expertise to enhance ZetaChain’s security posture.
- Web Application Security Background:
- Those who have worked on projects where blockchain and web applications intersect, understanding the security implications of integrating blockchain into web environments.
- Expertise in securing web applications, with a deep understanding of OWASP Top 10 and experience in implementing robust security measures.
- Must Be Familiar With Our Tech Stack
- Protocol: Go (Cosmos SDK, go-ethereum, btcsuite, Tendermint Core, Ethermint)
- Dapps & WebApps: TypeScript, Vercel
- Infrastructure: Terraform, Ansible, AWS, GCP
- Smart contracts: Solidity
- San Francisco or Remote in USA
- Experience with blockchain technology and smart contracts even if not at an expert level
- Previous experience as a security engineer focused on web applications or blockchain technology
- Exceptional problem-solving skills
- Strong communication skills, with the ability to convey complex security issues to a broad audience.
- Must be comfortable getting hands-on and writing code as needed
- Must play well with others, security is a team sport and at ZetaChain everyone participates!
- Additional Responsibilities
- Ensure all code meets our security, performance, and reliability requirements
- Participate in on-call rotation (Once every 4 weeks)