Hashgraph

Product Security Engineer

Hashgraph

full-time

Posted on:

Location Type: Remote

Location: United States

Visit company website

Explore more

AI Apply
Apply

Job Level

SeniorLead

Tech Stack

IPFSJavaRustWeb3

About the role

  • Conduct comprehensive product security assessments of blockchain-based systems, with a strong focus on Web3 security, smart contracts, and protocol-level risks
  • Design and write malicious smart contracts and adversarial test cases to exploit and identify vulnerabilities in Hedera Blockchain and EVM-compatible systems
  • Develop, implement, and continuously improve security strategies, architectures, and best practices for Hedera blockchain protocols, smart contracts, bridges, and associated services
  • Partner closely with engineering teams to embed security into design, development, and deployment workflows
  • Design and execute penetration testing, threat modeling, and vulnerability assessments across blockchain networks, nodes, APIs, and supporting infrastructure
  • Identify, track, and stay ahead of emerging blockchain and Web3 threats, exploits, and attack patterns; provide actionable mitigation guidance
  • Build and contribute to security tooling, frameworks, and automation tailored for blockchain environments, including CI/CD integrations
  • Leverage AI/LLMs and automation to enhance product security reviews, vulnerability discovery, threat modeling, and security testing workflows
  • Assist in incident response and post-incident analysis related to blockchain security events, including root cause analysis and remediation guidance
  • Educate engineers and internal stakeholders on blockchain security principles, secure coding practices, and real-world attack scenarios
  • Participate in and contribute to security awareness and secure development training programs across the organization

Requirements

  • Bachelor’s or Master’s degree in Computer Science, Information Security, Cryptography, Blockchain, or a related field (or equivalent practical experience)
  • 8+ years of experience in product security, application security, or penetration testing, including 2+ years focused on blockchain security, smart contract auditing, or Web3 security
  • Solid understanding of EVM internals, smart contract execution, and common Web3 architectures; knowledge of Hedera Blockchain is a strong plus
  • Deep knowledge of Web3 technologies and protocols, such as Ethereum, gossip-based networks, IPFS, and related decentralized systems
  • Proven experience with blockchain-specific security assessment tools, methodologies, and manual testing techniques
  • Strong understanding of blockchain attack vectors and vulnerability classes, including gas fees, authorization control flaws, fungible and non-fungible tokens issues, and bridge exploits
  • Working knowledge of cryptographic principles and protocols relevant to blockchain systems (hashing, signatures, key management, consensus assumptions)
  • Hands-on experience with static analysis, dynamic analysis, fuzzing, and custom security testing tools
  • Strong understanding of secure coding practices, particularly in Java and Rust
  • Excellent analytical, problem-solving, and communication skills, with the ability to collaborate effectively across engineering and product teams.
Benefits
  • Health insurance
  • Professional development opportunities
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
blockchain securitysmart contract auditingpenetration testingvulnerability assessmentsEVM internalsWeb3 technologiesstatic analysisdynamic analysissecure coding practicescryptographic principles
Soft Skills
analytical skillsproblem-solving skillscommunication skillscollaboration skills
Certifications
Bachelor’s degree in Computer ScienceMaster’s degree in Information Securitydegree in Cryptographydegree in Blockchain