| Job Position | Company | Posted | Location | Salary | Tags |
|---|---|---|---|---|---|
Perpetuals Group | United States | $39k - $65k | |||
Offchain | New York, NY, United States | $86k - $116k | |||
Offchain | Remote | $84k - $150k | |||
Injective | New York, NY, United States | $105k - $120k | |||
| Learn job-ready web3 skills on your schedule with 1-on-1 support & get a job, or your money back. | | by Metana Bootcamp Info | |||
Mastech Digital | Chicago, IL, United States | $80k - $94k | |||
Anza | United States | $140k - $150k | |||
JPMorganChase | Jersey City, NJ, United States | $152k - $215k | |||
The Depository Trust & Clearing Corporation (DTCC) | Jersey City, NJ, United States | $140k - $240k | |||
Injective Labs | New York, NY, United States | $105k - $120k | |||
Iris Software Inc. | Austin, TX, United States | $91k - $150k | |||
OP Labs PBC | New York, NY, United States | $103k - $150k | |||
Injective | New York, NY, United States | $105k - $150k | |||
Phantom | San Francisco, CA, United States | $124k - $144k | |||
Phantom | United States | $220k - $250k | |||
Jumpcrypto | Remote | $150k - $200k |
Smart Contract Security Engineer / Solidity & Solana Auditor
We are seeking an experienced project-based Smart Contract Security Engineer to support the design, review, testing, security audit, and penetration testing of regulated blockchain-based asset contracts. The primary focus is on Ethereum/Solidity and Solana/Rust, with other blockchain ecosystems considered a benefit.
The project involves tokenized financial instruments and regulated digital assets, including ERC-20 tokens, ERC-3643/T-REX->
This is not a generic blockchain developer role. We are looking for someone who can think like a developer, auditor, and adversarial security tester. The ideal candidate should be able to write and review production-grade smart contracts, build automated test suites, identify vulnerabilities, challenge the architecture, and document findings clearly for both technical and non-technical stakeholders.
Primary Tasks - The selected candidate will be expected to:
• Review and improve Solidity smart contracts for Ethereum/EVM-based deployments.
• Review and improve Solana programs written in Rust, preferably using Anchor.
• Assess regulated token logic, including ERC-20, ERC-3643/T-REX->
• Review and test minting, burning, pausing, blacklisting, freezing, whitelisting, KYC-gated transfers, forced transfers, confiscation/destruction mechanisms, upgradeability, deprecation, and migration logic.
• Validate identity-registry, compliance-module, and investor-eligibility checks where applicable.
• Identify risks in role-based permissions, owner privileges, admin keys, multisig controls, and emergency functions.
• Build or improve automated test suites covering standard flows, edge cases, failure paths, and restricted transfer scenarios.
• Perform manual code review, static analysis, fuzz testing, invariant testing, negative-path testing, and exploit scenario modeling.
• Review deployment, upgrade, and migration procedures for operational and security risks.
• Prepare a clear audit->
• Provide practical recommendations for secure deployment, admin controls, multisig usage, monitoring, and incident response.
Required Experience
The candidate should have strong professional experience with Solidity development and smart contract security reviews. They should understand Ethereum/EVM token standards and security patterns, including ERC-20, ERC-3643 or comparable permissioned-token designs, OpenZeppelin contracts, Ownable and AccessControl patterns, pausable contracts, upgradeable proxy patterns, allowance handling, storage layout safety, mint/burn controls, and transfer-restriction logic.
The candidate should also have practical Solana experience, including Rust-based Solana programs, Anchor, SPL tokens, Token-2022 concepts, transfer hooks, program-derived addresses, account validation, signer checks, ownership checks, authority management, and cross-program invocation risks.
A strong understanding of blockchain security risks is required, including reentrancy, access-control failures, authorization bypasses, broken compliance checks, allowance and approval issues, upgradeability flaws, storage collisions, integer and logic errors, denial-of-service vectors, account-substitution attacks, missing signer validation, incorrect PDA derivation, and compliance-rule bypasses.
Beneficial Experience
Experience with other blockchain ecosystems is beneficial but not mandatory, including Polygon, Arbitrum, Base, Avalanche, BNB Chain, Tron, Stellar, Cosmos-based chains, or permissioned blockchain environments.
Additional beneficial experience includes regulated asset tokens, RWAs, stablecoins, tokenized securities, tokenized funds, custody systems, exchange infrastructure, multisig administration, Safe, formal verification, symbolic execution, post-deployment monitoring, and incident response.
Expected Deliverables
The expected project deliverables include:
• Reviewed and improved Ethereum/Solidity smart contract templates.
• Reviewed Solana/Rust program architecture where applicable.
• Automated test suite or recommendations for test coverage.
• Security audit report with findings and severity ratings.
• Threat model covering smart contracts, admin controls, upgrade paths, compliance checks, and deployment workflows.
• Deployment and upgrade checklist.
• Admin-key and multisig recommendations.
• Retest report confirming remediation of identified issues.
Engagement Details
The candidate should be available for technical review sessions with engineering leadership and must be comfortable communicating complex technical and security issues clearly.