Role Description As the platform scales with new protocol upgrades, EVM-compatible services, cross-chain infrastructure, and cryptographic primitives, managing the expanding attack surface is paramount. The Product Security Engineer will be responsible for embedding security directly into the product development lifecycle, ensuring that security remains a first-class property of every protocol upgrade, smart contract, and node shipped to production. This role focuses on hands-on vulnerability discovery, adversarial testing, and proactive threat mitigation before code reaches production. Key Responsibilities - Security Assessments & Threat Modeling: Conduct end-to-end security assessments of blockchain-based systems, spanning cryptographic primitive design, protocol architecture, smart contract implementation, and deployed infrastructure. Own threat modeling and security architecture reviews across all product phases. - Vulnerability Discovery & Exploitation: Identify real-world vulnerabilities through rigorous hands-on code reviews, adversarial testing, and the development of proof-of-concept exploits for native services, EVM-compatible contracts, cross-chain bridges, and consensus-layer components. - Engineering Partnership: Partner directly with core engineering teams to translate complex cryptographic and protocol-level risks into prioritized, actionable remediation workflows. Define and enforce security gates prior to production deployment. - Security Automation & Tooling: Build, scale, and improve security tooling, fuzzing infrastructure, and CI/CD security automation to maximize security coverage efficiently. - Research & Mitigation: Track emerging blockchain and Web3 attack patterns, map them to the internal codebase, and drive proactive mitigation strategies. Qualifications - Proven track record of hands-on vulnerability discovery and security testing across blockchain protocols, smart contracts, nodes, and APIs, with a demonstrated ability to identify deep architectural bugs beyond automated scanning. - Strong threat modeling and security architecture review experience applied directly to distributed cryptographic systems. - Direct experience assessing cross-chain protocols, threshold signature schemes, or other cryptographic systems with complex trust assumptions, including the auditing or breaking of cross-chain bridges. - Deep working knowledge of applied cryptography (e.g., BLS signatures, pairing-based schemes, polynomial commitments, and Fiat-Shamir constructions) and the ability to reason about cryptographic failure modes in production environments. - Ability to analyze trust model tradeoffs, including state proof, multisig, and oracle attestation models, and evaluate their impact on the broader attack surface. Functional & Technical Expertise - Mastery of blockchain security and secure coding practices across both EVM-compatible and non-EVM chains. - Proficiency with security testing tooling, including static analysis, dynamic analysis, and fuzzing, alongside experience developing custom fuzzing harnesses or security test infrastructure. - Strong ability to read, review, and audit cryptographic code written in Rust and/or Java. - Clear understanding of memory safety, constant-time correctness, secret handling, and the unique security risks at JNI boundaries. Preferred Qualifications - Experience designing and operating grammar-aware fuzzing campaigns against gRPC, JSON-RPC, or protocol-level endpoints. - Experience building classifier pipelines to isolate security signals from noise, or building custom security automation tooling. - Prior security work focused on Ethereum consensus clients or production threshold signature systems. - Experience integrating AI-assisted workflows into security review and triage processes. Benefits - Competitive salary and compensation package. - Opportunity to work at the forefront of enterprise Web3 infrastructure and cryptographic innovation. - Collaborative, high-caliber engineering environment focused on solving complex, large-scale distributed systems challenges. - Flexible working arrangements and comprehensive professional growth opportunities. Interview Process - Recruiter / HR Screening Call - Hiring Manager Interview - Technical Interview - Technical Assignment - Final Interview Commitment to Equality and Accessibility At MLabs, we are committed to offer equal opportunities to all candidates. We ensure no discrimination, accessible job adverts, and providing information in accessible formats. Our goal is to foster a diverse, inclusive workplace with equal opportunities for all. If you need any reasonable adjustments during any part of the hiring process or you would like to see the job-advert in an accessible format please let us know at the earliest opportunity by emailing human-resources@mlabs.city.

• Reporting to the regional Practice Manager of Customer Experience (CX), the Information Security Program Manager will be responsible for managing a portfolio of customers, and will be tasked with maintaining client satisfaction. • This will be accomplished by ensuring our solutions meet the client’s business needs and objectives all while delivering standout strategic consultative guidance and excellent service. • Success in this position is measured by achieving revenue retention goals, product and feature adoption rates, identifying revenue uplift opportunities, and overall customer satisfaction metrics. • Successfully develop and manage relationships for assigned clients and stakeholders, supporting all Cofense products in use by the client. • Represent Cofense as the customer’s trusted advisor and subject matter expert. • Coordinate customer engagements to ensure successful onboarding and product implementation, as well as throughout the customer’s full lifecycle with Cofense. • Perform risk management to minimize churn. • Continue to effectively showcase the value of Cofense products and services and present Return on Investment (ROI) information to key client stakeholders. • Highlight any concerns and/or risks and share this with internal account partners and leadership. • Develop get-well plans, with the assistance of the account team, to help minimize risk and increase customer satisfaction. • Create and maintain comprehensive documentation for your book of business. • Perform administrative tasks and documentation within our CSM toolset. • Coordinate and collaborate with internal resources and third parties/vendors, as needed, for the successful execution of projects. • Ensure tasks are delivered on time, within scope and within budget. • Assist in the definition of project scope and objectives, involving all relevant stakeholders and ensuring technical feasibility. • Responsible for the profitability of our services and increasing our customers Cofense product commitment through successful portfolio management. • Identify opportunities for revenue expansion within assigned accounts. • Own all aspects of a customer’s simulated phishing defense program and deliver on contractual requirements: Recommend customized phishing programs based on industry best practices and customer goals. • Ensure alignment of recommendations to the current threat landscape and the customer’s core business objectives. • Independently produce high-quality, client-ready deliverables to meet contractual requirements. • Share analytic deliverables and make operational and strategic recommendations based on the customer’s overarching security goals and key success indicators. • For Managed Training clients, run the customer’s simulated phishing program using Cofense solutions. • For assigned Managed Remediation clients, deliver monthly Remediation reports while personalizing the monthly meeting to consist of reviewing unique threats the client has received and review malware identified. • As necessary, travel to client sites to ensure excellent customer relationships. • Assist in training newer members on the team, cross-training with the larger CX organization and collaborate on process and procedural improvements across Cofense.

• Gerenciar time com diferentes níveis de experiência, garantindo a coesão e eficiência do time. • Assegurar a operação contínua e manutenção dos firewalls e VPNs, garantindo a segurança da infraestrutura de redes do iFood. • Administrar regras de WAF utilizando ferramentas como Akamai e Cloudflare, assegurando a proteção de aplicações web. • Implementar estratégias para controle de bots e proteção contra crawlers, visando a integridade dos sistemas. • Gerenciar o relacionamento com fornecedores, assegurando a qualidade e continuidade dos serviços contratados. • Supervisionar a infraestrutura de rede dos escritórios, garantindo sua eficiência e segurança. • Participar em desenvolvimentos internos, como scripts de automação, contribuindo para a melhoria contínua dos processos.

• Perform in-depth security analyses of products and flows, covering AppSec aspects such as architecture, data flow, source code, threats, and risks. • Propose and implement necessary controls and adjustments to increase application security. • Create and maintain security baselines, guidelines, presentations, and track risks/threats. • Present identified issues to technical and non-technical audiences, proposing effective solutions. • Develop and implement agents and systems to automate activities, as well as maintain internal applications within the AppSec scope.