About Hashgraph:

Hashgraph is a fast-growing software company committed to supporting, developing and servicing Hedera, an open source, proof-of-stake platform. Hedera is EVM-compatible and has been specifically built to meet the needs of enterprise and Web3 applications, which require speed, security, stability and sustainability. Hedera's public network is governed by industry-leading organizations, spanning 11 sectors and 14 regions who oversee the development and direction of the decentralized platform.

You may find yourself doing all of the following:

Conduct comprehensive product security assessments of blockchain-based systems, with a strong focus on Web3 security, smart contracts, and protocol-level risks
Design and write malicious smart contracts and adversarial test cases to exploit and identify vulnerabilities in Hedera Blockchain and EVM-compatible systems
Develop, implement, and continuously improve security strategies, architectures, and best practices for Hedera blockchain protocols, smart contracts, bridges, and associated services
Partner closely with engineering teams to embed security into design, development, and deployment workflows
Design and execute penetration testing, threat modeling, and vulnerability assessments across blockchain networks, nodes, APIs, and supporting infrastructure
Identify, track, and stay ahead of emerging blockchain and Web3 threats, exploits, and attack patterns; provide actionable mitigation guidance
Build and contribute to security tooling, frameworks, and automation tailored for blockchain environments, including CI/CD integrations
Leverage AI/LLMs and automation to enhance product security reviews, vulnerability discovery, threat modeling, and security testing workflows
Assist in incident response and post-incident analysis related to blockchain security events, including root cause analysis and remediation guidance
Educate engineers and internal stakeholders on blockchain security principles, secure coding practices, and real-world attack scenarios
Participate in and contribute to security awareness and secure development training programs across the organization

Qualification Requirements:

Must be available to work within the EU time zones
Bachelor's or Master's degree in Computer Science, Information Security, Cryptography, Blockchain, or a related field (or equivalent practical experience)
8+ years of experience in product security, application security, or penetration testing, including 2+ years focused on blockchain security, smart contract auditing, or Web3 security
Solid understanding of EVM internals, smart contract execution, and common Web3 architectures; knowledge of Hedera Blockchain is a strong plus
Deep knowledge of Web3 technologies and protocols, such as Ethereum, gossip-based networks, IPFS, and related decentralized systems
Proven experience with blockchain-specific security assessment tools, methodologies, and manual testing techniques
Strong understanding of blockchain attack vectors and vulnerability classes, including gas fees, authorization control flaws, fungible and non-fungible tokens issues, and bridge exploits
Working knowledge of cryptographic principles and protocols relevant to blockchain systems (hashing, signatures, key management, consensus assumptions)
Hands-on experience with static analysis, dynamic analysis, fuzzing, and custom security testing tools
Strong understanding of secure coding practices, particularly in Java and Rust
Excellent analytical, problem-solving, and communication skills, with the ability to collaborate effectively across engineering and product teams

Other skills that are great to bring with you but that we can help you develop:

Industry-recognized security certifications such as OSCP, OSEP, OSWA, OSWE; blockchain security certifications are a plus
Experience in bug bounty programs, security research, CVE publications, red teaming, or attack surface management
Experience securing or operating systems in cloud environments (AWS, GCP, Azure), including IAM and key management
Proficiency in scripting and general-purpose programming languages such as Python, Bash, or PowerShell for tooling and automation
Experience with containerization and orchestration technologies (Docker, Kubernetes) and their associated security best practices
Familiarity with DevSecOps pipelines, CI/CD security controls, and infrastructure-as-code security

Jobs at Hashgraph

Job recommendations