About the role:
As a Security Engineer at Aptos Labs, you will play a critical role in ensuring the security and integrity of the Aptos ecosystem. You will be responsible for proactively identifying and mitigating security risks in Aptos core infrastructure and Aptos Labs products and services by conducting design reviews, code audits, penetration tests, and overseeing bug bounty programs. Your expertise in vulnerability detection and prevention will be invaluable as you collaborate with developers to create and adopt security-focused tools and frameworks. You will also be a valuable resource for all our engineering teams, providing guidance and training on security best practices to help safeguard our ecosystem. You will have the opportunity to contribute to the security community and shape the future of the web3 landscape.
Aptos is a people-first blockchain on a mission to help billions of people achieve universal and fair access to decentralized assets in a safe and scalable way.
Founded by some of the original creators and maintainers who researched, designed, and built the Diem blockchain to serve this purpose, we have dedicated several years toward this mission. We believe the open-source Diem technology we have developed is an important foundation of a safe and scalable web3 world where everyone has more equitable opportunities to grow and access financial assets with lower fees and fewer intermediaries.
Aptos (Ohlone for "The People") encompasses our mission and ethos for why we build.
What you’ll be doing:
- Analyze and assess novel and recurring security issues via design reviews, code audits, penetration tests and bug bounty programs.
- Build and prototype security tools, exploit mitigations, frameworks and hardening strategies tailored for vulnerability detection and prevention.
- Review and develop secure operational practices, and provide security guidance for engineers and support staff.
What we’re looking for:
- B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.
- Experience in vulnerability research and exploitation
- Familiarity with native and web programming languages, development practices, and common bug patterns (we use a lot of Rust and TypeScript, Pulumi, Terraform, and Helm)
- Familiarity with analysis tooling and frameworks (fuzzing, static analysis, flamegraph, etc.)
- Contributions to the security community (public research, blogging, presentations, etc.) preferred
- Familiarity with web3 programming languages (Move, Solidity, etc.), security tools and frameworks, including formal verification preferred.
Benefits:
- 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
- Equipment of your choice
- Flexible vacation time, 11 holidays, and floating company days off
- Competitive Salary
- Equity (RSUs)
- Protocol Token Grants
- 401k matching (US Employees)
- Fun and inclusive in-person and digital events
Aptos is committed to diversity in the workplace, and we’re proud to be an Equal Opportunity Employer. We do not hire on the basis of race, color, religion, creed, gender, national origin, citizenship, age, disability, veteran status, marital status, pregnancy, parental status, sex, gender expression or identity, sexual orientation, or any other basis protected by local, state or federal law. All employment is decided based on qualifications, merit, and business need.