Job Level
Mid-LevelSenior
Tech Stack
RustSolidityWeb3
About the role
- Provide timely, appropriate, and thorough responses to reported vulnerabilities and improve defense strategy
- Review incoming Smart Contract and Blockchain/DLT vulnerability reports and reproduce issues, assessing the severity and impact of each issue within the context of each organization’s threat model
- Triage incoming Bug Report submissions for Code Contests and Attackathons, lead or participate in technical walkthrough calls, support ongoing Boosts/Attackathons by ensuring that duplicates and Chief Finder’s bug reports are correctly marked and triaged, and collaborate with the team to enhance existing processes while proposing your own improvements.
- Work with hackers to identify missing information in reports, as well as help educate the community when reports are incorrect
- Write a brief summary for each report, including clear reproduction steps, the impact of the issue, and remediation advice
- Coordinate with our Bug Bounty Program team and customers to ensure smooth triage workflows for any programs you work with
- Draft, manage, and refine bug bounty programs, ensuring they are effectively designed to attract top talent and deliver valuable security insights. Monitor the progress of these programs and provide continuous feedback for improvement.
- Liaise across & advocate for parties on both sides of the Bug Bounty (Projects & Whitehats), providing advice, support & technical consultation to ensure accuracy of information, fairness of outcome & engagement of users
- Proactively identify and solve issues, as well as accept and quickly respond to delegated work
- Collaborate with the team to continuously improve triage processes, proposing and implementing enhancements that increase efficiency and effectiveness in handling bug reports and managing contests.
Requirements
- For this role, we require applicants who are able to commit to working 2 weekend days and 3 mid-week days and who are able to provide coverage of 21:00 - 01:00 UTC
- Ability to prioritize and organize operationally complex work, with great attention to detail
- Strong analytical and problem-solving skills, with the ability to quickly assess complex issues and develop effective solutions.
- Deep technical understanding of Smart Contracts, Smart Contract errors & Smart Contract vulnerabilities
- Ability to read and understand majorly popular EVM based Smart Contracts programming languages like solidity, vyper etc.
- Deep technical understanding of Blockchain/DLTs, Blockchain errors & Blockchain/DLT vulnerabilities
- Ability to read and understand majorly popular Rust Based Blockchains programming languages like Solana, Substrate, etc.
- Familiarity with newest Web3 security trends
- Ability to audit the code identifying and highlighting all vulnerabilities found in the code
- Ability to Understand how different DeFi and Blockchain protocols work and ability to apply that knowledge to understand the nature of the vulnerability.
- Ability to quickly understand new DeFi protocols and unfamiliar code bases
- Ability to quickly understand new Blockchain/DLT Networks and unfamiliar code bases
- Top notch communication and writing skills: need to be able to firmly, yet politely, respond to non-issues, non-bias towards the project or whitehat, as well as identify legitimate issues and communicate them to security teams in an easy to understand format
- Technical knowledge around Web3 security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk