Senior Security Engineer

Job Description Senior Security Engineer

About Hashira

We are a blockchain R&D studio, driven by our commitment to bridging (pun intended) the divide between foundational blockchains like Bitcoin and the thriving DeFi ecosystem. Our coreexpertiselies in solving intricate blockchain challenges through rigorous research in the realms of cryptography, game theory, and protocol design.

Our mission is to make web3 simple and hassle-free for everyone. No intimidating complexities, just pure potential. We began our journey in 2022, witha previousexperience of building two billion-dollar web3 projects, Ren and Rook under our belt.

Our flagship product is theCatalog Wallet, a unique implementation of a multichain wallet that lets you use native bitcoin directly on anyDApp. We also help power web3 projects likeGardento become cross-chainseamlessly.

Role Description

We are seeking a SecurityEngineerto join our team. The ideal candidate willbe responsible forboth Web3 and Web2 security paradigms, knowledge of Amazon Web Services (AWS), andproficiencyin monitoring and alerting systems. This role involves ensuring the security of our digital assets, infrastructure, and applications.

Responsibilities:

• Perform penetration testing of applications/products based on Web, Mobile, Web3 assets like Smart Contract, Bitcoin Script, etc.
• Plan and perform red team exercises in a variety of environments.
• Manage applications/products bug bounty program with validation and response mechanism for vulnerabilitiessubmittedby external researchers.
• Continuous research on new attack vectors/techniques and their mitigations.
• Manage attacksurfacebased on risk assessment for the business.
• Develop scripts,toolsand methodologies to enhance security posture of the whole company and its applications/products.
• Manage continuous passive and active monitoring and alert systems such as Prometheus, Grafana,Wazuh, etc.
• Apply knowledge of AWS services to support the maintenance of secure cloud infrastructure.
• Deployment and management of security tools (open source and commercial)
• Clear communication for vulnerability reports and their remediationrequired.
• Work with cross-functional teams to align andprioritiesremediation efforts.
• Work collaboratively/independently on unique or special assignments which may require specialized knowledge and/or experience.
• Comply withcompany,divisionand professional ethical standards.

Essential Qualifications

• Bachelor's degree in Computer Science, Information Technology, ora relatedfield.
• Foundational understanding of blockchain technologies and associated security considerations.
• At least 1 year of experience in a security engineering role or a related position.
• Proficiencyin using monitoring and alerting tools.
• Uncompromising personal and professional integrity and ethics.
• Strong understanding of application,infrastructureand networking architecture
• Strong exposure to popular application security standards including OWASP top10, SANS top25, NIST, MITRE ATT&CK,etc; and shift left security methodologies
• Any one of these certifications: C-PENT,eJPT, PWPP, GPEN. (Good to have)
• Ability to think critically andidentifyareas of technical and non-technical risk.
• Good at writing technical reports and executive summary to communicate risk to required ones.
• Familiarity with AWS services and basic cloud security concepts.
• Understanding oflanguages like Go, Rust,TypeScriptand Python.

Preferred Qualifications

• More than 3+ years of experience in a security engineering role ora relatedposition.
• Triaged public bug bounties.
• Published regular security related blogs,videosor any other resources for community growth.
• Worked with distributed systems in real worldscenarioorbuildPOC of Raft like protocols.
• Exceptional CTF recognition in competitions or on Try Hack Me, HackTheBox, etc.sortof platforms.