Job Description
We are seeking a highly skilled Security Auditor to join our team. The ideal candidate will be responsible for ensuring the security of our smart contracts, backend services, and frontend applications. This role requires a deep understanding of blockchain technology, security best practices, and the ability to identify and mitigate potential vulnerabilities.
Key Responsibilities
- Smart Contract Security Auditing: Conduct manual code audits for self-developed or integrated smart contracts (Solidity/EVM, Move/Sui/Aptos), identifying risks such as reentrancy, permission bypass, logic errors, and economic model flaws. Prepare detailed audit reports with actionable remediation suggestions and verify the effectiveness of fixes.
- Backend Service Security Review: Audit core backend services (e.g., withdrawal approval, API gateway, risk control engine) written in Go/Java/Node.js, focusing on authentication, access control (RBAC/ABAC), sensitive operation logging, non-repudiation, and signature verification logic for blockchain interactions.
- Frontend Security Checks (Critical Paths): Review frontend code (React/Vue/Flutter) involving private key interactions, transaction construction, and address display to prevent phishing, address substitution, XSS, and other risks.
- Security Shift Left: Participate in requirement reviews and architecture design to identify security risks early. Develop and enforce "Secure Coding Guidelines" and "Common Vulnerability Checklists," integrating them into CI/CD pipelines. Provide security training and code examples to development teams.
- Toolchain Development & Automation: Integrate and optimize static analysis tools (e.g., Slither, Semgrep, SonarQube). Develop internal audit scripts (e.g., automated boundary test case generation, Gas anomaly detection).
- Emergency Response Support: Quickly identify root causes at the code level during security incidents and assist in developing hotfix solutions.
Job Requirements
- 5+ years of software development or security auditing experience, with at least 1 year focused on Web3 smart contracts or financial system security.
- Proficiency in Solidity auditing and deep understanding of EVM mechanisms (e.g., delegatecall, storage layout, gas limits).
- Familiarity with common Web3 attack vectors (reentrancy, flash loan manipulation, oracle manipulation, signature replay) and defense strategies.
- Ability to read and understand backend code (Go/Java/Node.js) to assess business logic and security boundaries.
- Preferred experience in auditing or developing CEX, DEX, wallets, or DeFi protocols.
- Strong sense of responsibility, attention to detail, ability to work under pressure, and excellent communication skills.
Benefits
Opportunity to be part of building the technical security framework for a startup CEX from the ground up.