Job Closed
This listing is no longer active.
Enterprise AI, built for Reinsurers.
Product Security Engineer
Location
United States
Posted
138 days ago
Salary
0
Seniority
Mid Level
Job Description
Product Security Engineer
Aptos
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description At Aptos Labs we’re pioneering the future of web3 and need a passionate Product Security Engineer to help secure our core technologies. In this role, you’ll be at the forefront of safeguarding our Aptos core infrastructure and Aptos Labs products. Your proactive approach will help us identify and mitigate emerging threats, ensuring our systems remain resilient and trustworthy. You will work closely with our developers, influence security best practices, and lead initiatives that shape the future of web3 security. Responsibilities - Analyze and assess novel and recurring security issues via design reviews, code audits, and penetration tests. - Design and build security tools, and develop mitigations, frameworks, and hardening strategies tailored for vulnerability prevention and detection. - Review and develop secure operational practices, and provide security guidance for engineers. - Respond to and triage reports from bug bounty programs. Qualifications - B.S. or M.S. in Computer Science, a related technical field, or equivalent experience. - 3+ years of experience in vulnerability research and exploitation. - Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.). - Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.). Preferred Qualifications - Contributions to the security community (public research, blogging, talks in relevant conferences, etc.). - Experience with virtual machines or complex runtime environments, such as MoveVM (extra bonus), EVM, WASM, or LLVM-based runtimes, including their security models, sandboxing, and execution isolation. - Familiarity with smart contract programming languages (extra bonus for Move), security tools, and frameworks, including formal verification. Benefits - 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees). - Equipment of your choice. - Flexible vacation time, 11 holidays, and floating company days off. - Competitive Salary. - Protocol Token Grants. - 401k matching (US Employees). - Fun and inclusive in-person and digital events.
Job Requirements
- B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.
- 3+ years of experience in vulnerability research and exploitation.
- Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.).
- Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.).
- Preferred Qualifications
- Contributions to the security community (public research, blogging, talks in relevant conferences, etc.).
- Experience with virtual machines or complex runtime environments, such as MoveVM (extra bonus), EVM, WASM, or LLVM-based runtimes, including their security models, sandboxing, and execution isolation.
- Familiarity with smart contract programming languages (extra bonus for Move), security tools, and frameworks, including formal verification.
Benefits
- 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees).
- Equipment of your choice.
- Flexible vacation time, 11 holidays, and floating company days off.
- Competitive Salary.
- Protocol Token Grants.
- 401k matching (US Employees).
- Fun and inclusive in-person and digital events.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Lead Cybersecurity Manager
Tyto Athene, LLCAt Tyto Athene, we harness the power of technology to provide solutions that shape the future.
• The Contractor shall identify a Lead Cybersecurity Manager who will serve as the Contractor’s main POC for providing additional and direct support to PM CT2 for all Cybersecurity functions (as defined in Section C.5.5). • The Lead Cybersecurity Manager shall coordinate with ATEC SO Information System Security Managers (ISSMs) and ensure compliance with security controls, and all pertinent DoD IT policy and procedures for all system integrations. • The Lead Cybersecurity Manager shall ensure data, information, and security systems are secure and function as required to prevent Cybersecurity breaches of all information systems. • The Lead Cybersecurity Manager shall provide a leadership role for all internal and external organizations to provide clear communication and direction for maximum Cybersecurity efforts. • The Lead Cybersecurity Manager shall lead the initiative for security best practices and provide recommendations to the Government.
• Shape company-wide security strategy and lead software engineering projects on a highly-autonomous and horizontally-integrated team with a lot of leverage. This is a code-forward role! • Develop and apply best-in-class secure baselines for cloud infrastructure. • Secure first- and third-party software supply chains, from the dev environment through CI/CD and into production. • Build and own identity and access management (IAM) systems that are user-friendly and promote least privilege. • Manage infrastructure vulnerabilities while supporting rapid growth for Engineering. • Consult on risk assessments, architectural designs, threat models, code reviews, and more—pragmatically balancing security with other business considerations.
• Monitor security alerts and logs from SIEM, EDR, and cloud security tools • Investigate and respond to security incidents (triage, containment, remediation) • Perform vulnerability assessments and support remediation efforts • Assist in security hardening of systems, networks, and cloud environments • Review access controls, permissions, and identity configurations • Participate in security audits, risk assessments, and compliance activities • Develop and maintain security documentation, procedures, and playbooks • Collaborate with DevOps and engineering teams to embed security best practices • Stay up to date with emerging threats, vulnerabilities, and attack techniques
• Develop and implement a strategic vision for information security, aligned with business objectives and focused on the continuous improvement of the area's processes and controls. • Manage contracts, assets, and services related to information security, ensuring their optimal efficiency. • Define information security standards and policies to protect information assets and support business continuity. • Ensure regulatory compliance applicable to the company and adherence to industry best practices. • Collaborate with technology teams to define and implement effective security integration strategies across the development lifecycle, from design through production. • Analyze and respond to information security incidents, map threats and vulnerabilities, and develop projects to prevent or remediate them. • Lead risk management, threat modeling, and impact assessments for new products, features, and partnerships. • Lead training and enablement programs to build a strong security culture across the company. • Provide support for internal and external audits. • Evaluate and monitor security KPIs, keeping leadership informed about the maturity of the information security program. • Respond to requests and support the provision of the company's ISMS (SGSI) information to clients and other stakeholders as needed.
