Security Engineer, Solana

Asymmetric Research:

Asymmetric Research ("AR") is a specialized security firm focused on deep partnerships with L1/L2 blockchains and DeFi protocols in an effort to keep them safe. We specialize in four core domains of web3 security; research, engineering, incident response, and infrastructure services.

Culture:

AR is a fully remote organization and members of our team have been strongly committed to open-source values for decades, having worked at organizations with deep open-source roots and strong security programs including Google, Netflix, Mozilla, Stripe, and Jump Crypto. We pride ourselves on maintaining the highest levels of confidentiality, trust, and professionalism.

Responsibilities:

• Design and implement security and defense-in-depth controls to prevent and limit vulnerabilities.

• Perform cutting-edge security research in Solana and other Rust-based blockchains and smart contract platforms.

• Develop security tooling and developer workflows to aid in the early detection of vulnerabilities.

• Collaborate with core contributors to conduct internal security audits.

• Shepherd external security audits with the help of leading third-party audit firms.

• Operate bug bounty programs on Immunefi, including leading, monitoring, and triaging submissions.

• Work in a diverse, decentralized team environment with Web3 professionals.

• Clearly communicate security risks, findings, and proposed solutions.

• Adhere to the highest standards of integrity, trust, and professionalism.

Requirements:

• Strong desire to understand how things work, with the ability to quickly absorb new information.

• Familiarity with one or more Rust-based smart contract platforms (e.g., Solana, CosmWasm, NEAR), with a strong preference for existing Solana experience.

• Proven experience as a consultant, engineer, bug bounty hunter, or auditor.

• Prior experience working with open-source development practices.

• Willingness and aptitude to learn multiple Rust-based and C-based runtimes.

• Understanding of blockchain infrastructure technologies such as bridging or oracles.

• Prior experience with code reviews.

• Prior experience with reverse engineering, fuzzing, and/or binary exploitation.

• Prior high ranking on bug bounty leaderboards, code audit contests, or CTF competitions.

Benefits:

• 25-days paid vacation

• Office and equipment stipend

• Pension / 401K programs

• Life Insurance

• Premium Healthcare

• Competitive Base Salary

• Lucrative Bonus Programs