Job Closed
This listing is no longer active.
Hashgraph, formerly Swirlds Labs, is a software company home to some of the brightest minds in web3.
Product Security Engineer
Location
United States
Posted
137 days ago
Salary
0
Seniority
Lead
Job Description
Hashgraph
- Conduct comprehensive product security assessments of blockchain-based systems, with a strong focus on Web3 security, smart contracts, and protocol-level risks
- Design and write malicious smart contracts and adversarial test cases to exploit and identify vulnerabilities in Hedera Blockchain and EVM-compatible systems
- Develop, implement, and continuously improve security strategies, architectures, and best practices for Hedera blockchain protocols, smart contracts, bridges, and associated services
- Partner closely with engineering teams to embed security into design, development, and deployment workflows
- Design and execute penetration testing, threat modeling, and vulnerability assessments across blockchain networks, nodes, APIs, and supporting infrastructure
- Identify, track, and stay ahead of emerging blockchain and Web3 threats, exploits, and attack patterns; provide actionable mitigation guidance
- Build and contribute to security tooling, frameworks, and automation tailored for blockchain environments, including CI/CD integrations
- Leverage AI/LLMs and automation to enhance product security reviews, vulnerability discovery, threat modeling, and security testing workflows
- Assist in incident response and post-incident analysis related to blockchain security events, including root cause analysis and remediation guidance
- Educate engineers and internal stakeholders on blockchain security principles, secure coding practices, and real-world attack scenarios
- Participate in and contribute to security awareness and secure development training programs across the organization
Job Requirements
- Bachelor’s or Master’s degree in Computer Science, Information Security, Cryptography, Blockchain, or a related field (or equivalent practical experience)
- 8+ years of experience in product security, application security, or penetration testing, including 2+ years focused on blockchain security, smart contract auditing, or Web3 security
- Solid understanding of EVM internals, smart contract execution, and common Web3 architectures; knowledge of Hedera Blockchain is a strong plus
- Deep knowledge of Web3 technologies and protocols, such as Ethereum, gossip-based networks, IPFS, and related decentralized systems
- Proven experience with blockchain-specific security assessment tools, methodologies, and manual testing techniques
- Strong understanding of blockchain attack vectors and vulnerability classes, including gas fees, authorization control flaws, fungible and non-fungible token issues, and bridge exploits
- Working knowledge of cryptographic principles and protocols relevant to blockchain systems (hashing, signatures, key management, consensus assumptions)
- Hands-on experience with static analysis, dynamic analysis, fuzzing, and custom security testing tools
- Strong understanding of secure coding practices, particularly in Java and Rust
- Excellent analytical, problem-solving, and communication skills, with the ability to collaborate effectively across engineering and product teams.
Benefits
- Health insurance
- Professional development opportunities



