Information Security Engineer, Product
Aptos Labs · United States · 3 wk ago
RemoteRemoteInformation TechnologyFull-time
About the role
Aptos is a people-first blockchain focused on providing universal and fair access to decentralized assets. Founded by key contributors to the Diem project, Aptos aims to build a safe and scalable web3 world.
Responsibilities
- Analyze and assess novel and recurring security issues via design reviews, code audits, and penetration tests.
- Design and build security tools, and develop mitigations, frameworks, and hardening strategies tailored for vulnerability prevention and detection.
- Review and develop secure operational practices, and provide security guidance for engineers.
- Respond to and triage reports from bug bounty programs.
Minimum Qualifications
- B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.
- 3+ years of experience in vulnerability research and exploitation.
- Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.).
- Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.).
Preferred Qualifications
- Contributions to the security community (public research, blogging, talks in relevant conferences, etc.)
- Experience with virtual machines or complex runtime environments, such as MoveVM (extra bonus), EVM, WASM, or LLVM-based runtimes, including their security models, sandboxing, and execution isolation.
- Familiarity with smart contract programming languages (extra bonus for Move), security tools, and frameworks, including formal verification.
Benefits
- 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
- Equipment of your choice
- Flexible vacation time, 11 holidays, and floating company days off
- Competitive Salary
- Protocol Token Grants
- 401k matching (US Employees)
- Fun and inclusive in-person and digital events
Pay
Competitive Salary
Schedule
Flexible schedule
Qualifications
B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.
3+ years of experience in vulnerability research and exploitation.
Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.).
Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.).
Skills
- Native development practices
- Vulnerability research and exploitation
- Automated security analysis tooling and frameworks
- Virtual machines or complex runtime environments
- Smart contract programming languages (extra bonus for Move)
- Security tools and frameworks, including formal verification
Benefits
- 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
- Equipment of your choice
- Flexible vacation time, 11 holidays, and floating company days off
- Competitive Salary
- Protocol Token Grants
- 401k matching (US Employees)
- Fun and inclusive in-person and digital events