Cybersecurity Analyst – Smart Contract Security Testing

Job Description

Role: Cybersecurity Analyst Smart Contract Security Testing

Location: Pune, India (Hybrid / Remote)

Experience: 2-5 years

About the Role

We are seeking a Cybersecurity Analyst specializing in Smart Contract Security to perform security audits, penetration testing, and vulnerability assessments for blockchain-based applications.

The role focuses on identifying vulnerabilities defined in the OWASP Smart Contract Top 10, ensuring the security of decentralized applications (dApps), DeFi protocols, and smart contracts deployed on EVM-based blockchains.

The ideal candidate will have experience in smart contract auditing, Web3 security tools, and blockchain protocols.

Key Responsibilities

1. Smart Contract Security Testing

• Perform manual and automated security testing of smart contracts.
• Identify vulnerabilities aligned with OWASP Smart Contract Top 10 including:
• Reentrancy attacks
• Integer overflow / underflow
• Timestamp dependence
• Access control vulnerabilities
• Front-running attacks
• Denial-of-service risks
• Logic errors
• Insecure randomness
• Gas limit vulnerabilities
• Unchecked external calls
• Conduct code reviews of Solidity and smart contract architectures.

2. Security Audits

• Perform full smart contract security audits before deployment.
• Analyze contracts interacting with:
• ERC20
• ERC721 / ERC1155
• DeFi protocols
• Oracles
• Layer-2 networks.
• Evaluate upgradeability patterns, proxy contracts, and governance mechanisms.

3. Automated Security Analysis

Use and maintain automated tools such as:

• Slither
• Mythril
• Echidna
• Foundry / Forge
• Manticore
• Securify
• Oyente

Conduct:

• Static analysis
• Symbolic execution
• Fuzz testing
• Gas usage analysis.

4. Penetration Testing

• Simulate attack scenarios against smart contracts and dApps.
• Test vulnerabilities such as:
• Flash loan attacks
• Oracle manipulation
• Front-running / MEV attacks
• Reentrancy exploits
• Conduct adversarial testing against deployed contracts.

5. Security Reporting

• Produce professional audit reports including:
• Vulnerability description
• Risk severity
• Exploit scenario
• Recommended remediation
• Work closely with developers to resolve vulnerabilities.

Required Skills

Blockchain & Smart Contracts

• Solidity
• Ethereum Virtual Machine (EVM)
• ERC token standards
• Hardhat / Foundry / Truffle

Security Knowledge

• OWASP Smart Contract Top 10
• Smart contract attack vectors
• Cryptography basics
• Blockchain consensus models

Security Tools

• Slither
• Mythril
• Echidna
• Foundry
• Tenderly
• Remix debugging tools

Preferred Experience

• 25 years experience in cybersecurity or blockchain security
• Experience auditing DeFi or Web3 protocols
• Understanding of MEV and DeFi attack vectors
• Experience reviewing large Solidity codebases

Nice to Have

• Bug bounty experience (Immunefi / HackerOne)
• Participation in Web3 security audits
• Experience with:
• Layer 2 (Arbitrum / Optimism)
• Cross-chain bridges
• Zero knowledge systems

Education

Bachelor's or Masters degree in:

• Cybersecurity
• Computer Science
• Information Security
• Blockchain Technology

Relevant certifications:

• CEH
• OSCP
• Certified Blockchain Security Professional

Deliverables

The analyst will be responsible for producing:

• Smart contract audit reports
• Security testing documentation
• Risk mitigation recommendations
• Secure coding guidelines for developers