We’re looking for a Senior Smart Contracts Security Researcher & Engineer to join our team.
Experience with one or more smart contract languages, including, but not limited to, Solidity, Michelson, Ligo, SmartPy, and Clarity is required, along with familiarity with latest security best practices and knowledge of advancements in related fields
This position is to perform security research, analysis and engineering on smart contract projects for our clients, such as analyzing designs, specifications and codebases, along with documenting findings, providing recommendations, and communicating with consulting clients. We work with a variety of ecosystems, including, but not limited to, Ethereum, Tezos, Stacks, and Cosmos.
About Least Authority
Least Authority is committed to building and supporting the development of usable technology solutions and ethical business practices to advance digital security and preserve privacy as a fundamental human right.
As part of our business, we provide security consulting services to help others make their solutions more secure. We support teams from the design phase through the production launch and after through a variety of security consulting services.
Additionally, we develop usable products that advance digital security and protect the privacy of users and contribute to various communities to promote the use of secure systems and privacy-protecting technology.
Why join Least Authority?
- We are a remote first company, headquartered in Berlin;
- Our team provides flexible working arrangements;
- We offer continuous learning opportunities;
- We operate based on ethical business practices;
- We are a mission-driven company;
- We value Diversity & Inclusion; and
- We can legally employ our team members from remote and support with relocation to Germany.
The responsibilities for this position include:
- Conduct research on software and related technology to look for security issues, with a focus on critical vulnerabilities as known through industry best practices;
- Analyze technical designs documentation and specifications for potential security issues, vulnerabilities and other flaws;
- Perform manual code reviews and investigate for potential security issues in code repositories and codebases, along with related code comments, tests and dependencies;
- Analyze and propose potential mitigation and remediation strategies for security issues found;
- Communicate with team members specific security issues and general findings found during research activities;
- Design new approaches to security issues in code and systems;
- Develop potential solutions, including but not limited to producing documentation, code and other helpful artifacts;
- Engineer systems, tools and products, to help with the security of data in transit and at rest, including privacy enhancing technologies;
- Develop preventative approaches to help avoid security issues;
- Actively participate in project report preparation activities;
- Provide these research and engineering activities for both consulting engagements and internal projects;
- Work cross-functionally to meet project deadlines and goals;
- Participate in team efforts, including meetings, to facilitate collaboration towards shared project and Company goals;
- Possess and share knowledge as it relates to current security best practices and industry advancements; and
- Anything else as mutually agreed.
The requirements for this position are the following.
- 2+ years working with one or more smart contract languages, including, but not limited to, Solidity, Michelson, Ligo, SmartPy, and Clarity; and
- Familiarity with and interest in the latest security best practices and knowledge of advancements in related fields.
The ideal person for this role has some skills in the following areas:
- Distributed & decentralized technologies
- Smart contract systems and DeFi concepts and applications
- Blockchain, cryptocurrency and Web 3.0 systems
- Open source software and development practices
- Security research and knowledge sharing to advance best practices
- Adversarial scenarios, attack vectors and threat modeling
- Privacy Enhancing Tech and secure communications tools
- A deep understanding of least one smart contract coding language, with a drive to learn additional ones, such as: Solidity, Michaelson, Ligo, SmartPy, Clarity
Least Authority is an equal opportunity employer. We encourage people from all backgrounds to apply. We are committed to ensuring that our technology is made available and accessible to everyone. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, veteran status, or any other characteristic protected by law.