CG-VAK Software & Exports Ltd.

Security Engineer (Web3 and Web2)

Hyderabad, India
Full time · Onsite
25 May, 2026

Skills

TypeScript, Python, Rust

About the Role

Role & Responsibilities

We are seeking a Security Engineer I to join our team. The ideal candidate will be responsible for both Web3 and Web2 security paradigms, with knowledge of Amazon Web Services (AWS) and proficiency in monitoring and alerting systems. This role involves ensuring the security of our digital assets, infrastructure, and applications.

**Responsibilities**

- Perform penetration testing of applications/products based on Web, Mobile, and Web3 assets such as Smart Contracts, Bitcoin Script, etc.
- Plan and perform red team exercises in a variety of environments.
- Manage the applications/products bug bounty program, with a validation and response mechanism for vulnerabilities submitted by external researchers.
- Continuously research new attack vectors/techniques and their mitigations.
- Manage the attack surface based on risk assessment for the business.
- Develop scripts, tools and methodologies to enhance the security posture of the whole company and its applications/products.
- Manage continuous passive and active monitoring and alert systems such as Prometheus, Grafana, Wazuh, etc.
- Apply knowledge of AWS services to support the maintenance of secure cloud infrastructure.
- Deployment and management of security tools (open source and commercial).
- Communicate vulnerability reports and the remediation required clearly.
- Work with cross-functional teams to align and prioritise remediation efforts.
- Work collaboratively/independently on unique or special assignments which may require specialized knowledge and/or experience.
- Comply with company, division and professional ethical standards.

Ideal Candidate

- Strong Security Engineer Profile — Web3 & Web2 | Penetration Testing, Cloud Security & Blockchain
- Mandatory (Experience) — Must have 4+ years of experience in a security engineering role or related position — covering both Web3 and Web2 security paradigms across application, infrastructure, and cloud security contexts.
- Mandatory (Penetration Testing & Red Teaming) — Must have hands-on experience performing penetration testing on Web, Mobile, and Web3 assets — including Smart Contracts and Bitcoin Scripts — and must have planned or executed red team exercises across varied environments.
- Mandatory (Application Security Knowledge) — Must have strong working knowledge of OWASP Top 10, SANS Top 25, NIST, MITRE ATT&CK, and shift-left security methodologies — with the ability to apply these in vulnerability identification and risk prioritisation.
- Mandatory (Infrastructure & Networking Architecture) — Must have a strong understanding of application, infrastructure, and networking architecture — with the ability to assess attack surfaces holistically and manage risk across business assets.
- Mandatory (Monitoring & Alerting) — Must be proficient in deploying and managing continuous monitoring and alerting systems — with direct exposure to tools such as Prometheus, Grafana, Wazuh, or comparable security tooling.
- Mandatory (AWS & Cloud Security) — Must have working familiarity with AWS services and basic cloud security concepts — with practical ability to support and maintain secure cloud infrastructure.
- Mandatory (Scripting & Tooling) — Must be able to develop scripts, tools, and methodologies to enhance security posture — with working knowledge of at least one of Go, Rust, TypeScript, or Python.
- Mandatory (Blockchain Security Fundamentals) — Must have a foundational understanding of blockchain technologies and associated security considerations — covering smart contract security, Bitcoin script analysis, or related Web3 attack vectors.
- Mandatory (Education) — Must hold a Bachelor's degree in Computer Science, Information Technology, or a related field.
- Mandatory (Company) — Candidate must have prior experience working at a blockchain or Web3-native product company.
- Preferred (Experience Depth) — More than 2 years in a security engineering role is a plus — reflecting deeper ownership of security programmes and broader exposure to advanced attack techniques.
- Preferred (Bug Bounty Program Management) — Experience managing a bug bounty program end-to-end — including vulnerability validation, researcher response coordination, and clear written communication of findings and remediation — is a meaningful plus.
- Preferred (Certifications) — Holding any one of C-PENT, eJPT, PWPP, or GPEN is a plus as validated evidence of offensive security competency.
- Role Structure — Note: This is an Individual Contributor (IC) role initially — with the expectation of building and leading a security team as the function matures.

Skills: infrastructure, cloud, web2, security, web3, cloud security, penetration testing, blockchain, aws