Hashgraph, formerly Swirlds Labs, is a software company home to some of the brightest minds in web3.

Product Security Engineer

Security EngineerSecurity EngineerFull TimeRemoteTeam 51-200Since 2022H1B No SponsorCompany Site LinkedIn

Location

United States

Posted

50 days ago

Salary

Not specified

Bachelor Degree8 yrs expEnglishIPFSJavaRustWeb3

Job Description

• Conduct comprehensive product security assessments of blockchain-based systems, with a strong focus on Web3 security, smart contracts, and protocol-level risks • Design and write malicious smart contracts and adversarial test cases to exploit and identify vulnerabilities in Hedera Blockchain and EVM-compatible systems • Develop, implement, and continuously improve security strategies, architectures, and best practices for Hedera blockchain protocols, smart contracts, bridges, and associated services • Partner closely with engineering teams to embed security into design, development, and deployment workflows • Design and execute penetration testing, threat modeling, and vulnerability assessments across blockchain networks, nodes, APIs, and supporting infrastructure • Identify, track, and stay ahead of emerging blockchain and Web3 threats, exploits, and attack patterns; provide actionable mitigation guidance • Build and contribute to security tooling, frameworks, and automation tailored for blockchain environments, including CI/CD integrations • Leverage AI/LLMs and automation to enhance product security reviews, vulnerability discovery, threat modeling, and security testing workflows • Assist in incident response and post-incident analysis related to blockchain security events, including root cause analysis and remediation guidance • Educate engineers and internal stakeholders on blockchain security principles, secure coding practices, and real-world attack scenarios • Participate in and contribute to security awareness and secure development training programs across the organization

Job Requirements

Bachelor’s or Master’s degree in Computer Science, Information Security, Cryptography, Blockchain, or a related field (or equivalent practical experience)
8+ years of experience in product security, application security, or penetration testing, including 2+ years focused on blockchain security, smart contract auditing, or Web3 security
Solid understanding of EVM internals, smart contract execution, and common Web3 architectures; knowledge of Hedera Blockchain is a strong plus
Deep knowledge of Web3 technologies and protocols, such as Ethereum, gossip-based networks, IPFS, and related decentralized systems
Proven experience with blockchain-specific security assessment tools, methodologies, and manual testing techniques
Strong understanding of blockchain attack vectors and vulnerability classes, including gas fees, authorization control flaws, fungible and non-fungible tokens issues, and bridge exploits
Working knowledge of cryptographic principles and protocols relevant to blockchain systems (hashing, signatures, key management, consensus assumptions)
Hands-on experience with static analysis, dynamic analysis, fuzzing, and custom security testing tools
Strong understanding of secure coding practices, particularly in Java and Rust
Excellent analytical, problem-solving, and communication skills, with the ability to collaborate effectively across engineering and product teams.