Product Security Engineer

Location: Remote - Remote APAC & EU Remote | Full-time Compensation: $75K - $85K

Our client is a fast-growing, enterprise-grade software organization committed to supporting, developing, and servicing a leading open-source, proof-of-stake distributed ledger platform. As an EVM-compatible network built to meet the rigorous demands of global developers and institutions, the platform prioritizes speed, security, stability, and sustainability, and is governed by industry-leading organizations across multiple sectors and regions.

As the platform scales with new protocol upgrades, EVM-compatible services, cross-chain infrastructure, and cryptographic primitives, managing the expanding attack surface is paramount. The Product Security Engineer will be responsible for embedding security directly into the product development lifecycle, ensuring that security remains a first-class property of every protocol upgrade, smart contract, and node shipped to production. This role focuses on hands-on vulnerability discovery, adversarial testing, and proactive threat mitigation before code reaches production.

Key Responsibilities • Security Assessments & Threat Modeling: Conduct end-to-end security assessments of blockchain-based systems, spanning cryptographic primitive design, protocol architecture, smart contract implementation, and deployed infrastructure. Own threat modeling and security architecture reviews across all product phases. • Vulnerability Discovery & Exploitation: Identify real-world vulnerabilities through rigorous hands-on code reviews, adversarial testing, and the development of proof-of-concept exploits for native services, EVM-compatible contracts, cross-chain bridges, and consensus-layer components. • Engineering Partnership: Partner directly with core engineering teams to translate complex cryptographic and protocol-level risks into prioritized, actionable remediation workflows. Define and enforce security gates prior to production deployment. • Security Automation & Tooling: Build, scale, and improve security tooling, fuzzing infrastructure, and CI/CD security automation to maximize security coverage efficiently. • Research & Mitigation: Track emerging blockchain and Web3 attack patterns, map them to the internal codebase, and drive proactive mitigation strategies.