Product Security Engineer jobs in United States

Hashgraph · 1 day ago

Product Security Engineer

Hashgraph is a fast-growing software company committed to supporting and developing Hedera, an open source, proof-of-stake platform. The Product Security Engineer will conduct comprehensive security assessments of blockchain systems, design and implement security strategies, and collaborate with engineering teams to enhance security within development workflows.

Information Technology · Internet · Network Hardware
H1B Sponsor Likely

Responsibilities

Conduct comprehensive product security assessments of blockchain-based systems, with a strong focus on Web3 security, smart contracts, and protocol-level risks
Design and write malicious smart contracts and adversarial test cases to exploit and identify vulnerabilities in Hedera Blockchain and EVM-compatible systems
Develop, implement, and continuously improve security strategies, architectures, and best practices for Hedera blockchain protocols, smart contracts, bridges, and associated services
Partner closely with engineering teams to embed security into design, development, and deployment workflows
Design and execute penetration testing, threat modeling, and vulnerability assessments across blockchain networks, nodes, APIs, and supporting infrastructure
Identify, track, and stay ahead of emerging blockchain and Web3 threats, exploits, and attack patterns; provide actionable mitigation guidance
Build and contribute to security tooling, frameworks, and automation tailored for blockchain environments, including CI/CD integrations
Leverage AI/LLMs and automation to enhance product security reviews, vulnerability discovery, threat modeling, and security testing workflows
Assist in incident response and post-incident analysis related to blockchain security events, including root cause analysis and remediation guidance
Educate engineers and internal stakeholders on blockchain security principles, secure coding practices, and real-world attack scenarios
Participate in and contribute to security awareness and secure development training programs across the organization

Qualification

Blockchain security, Smart contract auditing, EVM internals, Web3 technologies, Security assessment tools, Cryptographic principles, Secure coding practices, Analytical skills, Python, Bash, PowerShell, Docker, Kubernetes, Problem-solving skills, Communication skills, Collaboration skills

Required

Must be available to work within the EU time zones
Bachelor's or Master's degree in Computer Science, Information Security, Cryptography, Blockchain, or a related field (or equivalent practical experience)
8+ years of experience in product security, application security, or penetration testing, including 2+ years focused on blockchain security, smart contract auditing, or Web3 security
Solid understanding of EVM internals, smart contract execution, and common Web3 architectures; knowledge of Hedera Blockchain is a strong plus
Deep knowledge of Web3 technologies and protocols, such as Ethereum, gossip-based networks, IPFS, and related decentralized systems
Proven experience with blockchain-specific security assessment tools, methodologies, and manual testing techniques
Strong understanding of blockchain attack vectors and vulnerability classes, including gas fees, authorization control flaws, fungible and non-fungible token issues, and bridge exploits
Working knowledge of cryptographic principles and protocols relevant to blockchain systems (hashing, signatures, key management, consensus assumptions)
Hands-on experience with static analysis, dynamic analysis, fuzzing, and custom security testing tools
Strong understanding of secure coding practices, particularly in Java and Rust
Excellent analytical, problem-solving, and communication skills, with the ability to collaborate effectively across engineering and product teams

Preferred

Industry-recognized security certifications such as OSCP, OSEP, OSWA, OSWE; blockchain security certifications are a plus
Experience in bug bounty programs, security research, CVE publications, red teaming, or attack surface management
Experience securing or operating systems in cloud environments (AWS, GCP, Azure), including IAM and key management
Proficiency in scripting and general-purpose programming languages such as Python, Bash, or PowerShell for tooling and automation
Experience with containerization and orchestration technologies (Docker, Kubernetes) and their associated security best practices
Familiarity with DevSecOps pipelines, CI/CD security controls, and infrastructure-as-code security

Company

Hashgraph

Our mission is clear: to cultivate a secure, trusted, and sustainable decentralized world.

H1B Sponsorship

Hashgraph has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2023 (1), 2022 (1)

Funding

Current Stage
Growth Stage

Leadership Team

Lionel Chocron
Product
Company data provided by crunchbase