Senior Security Engineer
About the Company:
CertiK is a pioneering Web3 security company that specializes in securing blockchain protocols, smart contracts, and decentralized applications through cutting-edge security research, formal verification, and AI-powered technology. Established in 2017 and headquartered in New York City, CertiK offers comprehensive security solutions including smart contract audits, penetration testing, on-chain monitoring, incident response, and compliance services for prominent projects in the digital asset ecosystem.
CertiK has a diverse international team across North America, Asia, and Europe, serving thousands of enterprise clients and Web3 projects globally. The company has secured backing from renowned investors like Coatue, Goldman Sachs, Insight Partners, and Sequoia Capital, receiving recognition from reputable organizations such as the World Economic Forum and CB Insights for its innovative contributions to blockchain security.
About the Role:
As part of CertiK's security team, this role involves overseeing a range of security services that merge cybersecurity and blockchain technologies. Responsibilities include security consulting, reviews, audits of smart contracts and blockchains, verification of smart contracts, penetration testing, and more. The ideal candidate will have a strong interest in application security and penetration testing, with opportunities to engage in research and development to elevate blockchain security standards.
Responsibilities:
- Develop and implement robust enterprise-level security solutions to protect internal networks, applications, and infrastructure, ensuring the security and availability of critical systems and data.
- Establish and enforce organization-wide security policies and standards, lead vulnerability management, and coordinate incident response efforts across engineering, IT, and compliance teams.
- Monitor and respond to real-time security threats, conduct forensic investigations, perform root cause analysis of significant security incidents, and formulate long-term defense strategies.
- Conduct comprehensive security assessments on internal and third-party systems, including architecture reviews, endpoint security evaluations, and infrastructure hardening initiatives.
- Guide secure development practices by leveraging advanced static and dynamic analysis to identify vulnerabilities and provide remediation guidance to engineering teams.
- Undertake threat modeling and risk analysis for high-value systems to proactively detect and mitigate potential attack vectors, influencing system and product architecture.
- Design and maintain internal security tools to enhance detection capabilities, streamline response workflows, and improve operational visibility.
Requirements:
- Master's degree in Computer Science, Software Engineering, Security Informatics, or a related field.
- Demonstrated expertise in threat modeling and architectural risk assessment utilizing structured methodologies like STRIDE and DREAD.
- Advanced knowledge of the secure software development lifecycle, including static and dynamic analysis, QA practices, and end-to-end vulnerability management.
- Strong ability to conduct thorough security assessments across network infrastructure, application architecture, and system configurations.
- Familiarity with cloud environments (AWS, Azure, GCP) and CI/CD deployment workflows; proficiency in Java/Python, secure coding, debugging, symbolic execution, and automation scripting.
The anticipated annual salary range for this role is $130,000 to $160,000, commensurate with candidate skills and experience. CertiK offers comprehensive benefits including medical, vision, and dental insurance, a 401(k) plan with company matching, life and accidental death and dismemberment insurance, and flexible paid time off.
CertiK is an equal opportunity employer and does not discriminate based on various factors as outlined in federal law. The company actively supports diversity and may employ AI tools during the hiring process.
