Senior Security Engineer, Offensive Security and Blockchain
Our expanding security team is looking for a seasoned Offensive Security Engineer with expertise in offensive security, threat research, and exploit development. The role entails identifying vulnerabilities, understanding how they work, and devising strategies and tools to minimize the associated risks. If you have a robust technical background, a passion for offensive security, and thrive in decentralized work environments, we invite you to apply.
Key Responsibilities:
Red Team Strategy & Execution
- Lead and orchestrate complex Red Team exercises targeting a variety of entities within the Internet Computer Protocol.
- Develop plans for emulating adversaries to assess platform and infrastructure defenses and preempt potential vulnerabilities.
Exploit Development & Vulnerability Research
- Conduct research, testing, and creation of advanced exploits for the Internet Computer Protocol and infrastructure.
- Curate an internal repository of exploit tools and scripts for sophisticated offensive security operations.
Infrastructure Security
- Enhance the security of Internet Computer Operating Systems through advanced hardening methods.
- Conduct vulnerability assessments and penetration tests to identify and mitigate risks within the ICOS environment and overall Internet Computer infrastructure.
- Implement security measures for internal Kubernetes clusters to guard against container-based attacks.
- Perform security testing across various cloud-native infrastructures, CI/CD pipelines, and microservices settings to identify and address security vulnerabilities.
Tool Development & Automation
- Build and maintain specialized offensive security tools for exploit delivery, post-exploitation automation, and Red Team simulations.
- Create secure operational tools to facilitate complex engagements, support security monitoring, threat detection, and incident response.
Collaboration & Incident Handling
- Collaborate with cross-functional teams including blockchain developers, DevOps, and infrastructure engineers to integrate security best practices throughout the development life cycle.
- Lead incident response initiatives involving blockchain or internal systems, conducting thorough post-incident analyses and implementing remediation measures.
- Publish security advisories and report Common Vulnerabilities and Exposures (CVEs).
Requirements:
- Extensive experience in planning and executing Red Team engagements in complex, distributed settings to simulate advanced persistent threats (APTs) across blockchain and traditional infrastructure.
- Proficiency in adversary emulation, lateral movement techniques, privilege escalation, and data exfiltration strategies.
- Demonstrated expertise in identifying and exploiting vulnerabilities specific to blockchain environments including distributed consensus mechanisms, smart contract execution, and inter-node communication.
- Strong understanding of kernel-level vulnerabilities, hypervisor security, and virtualized environments.
- Familiarity with SELinux.
- Proven track record in securing Kubernetes clusters and traditional infrastructure with an emphasis on container security.
- Proficiency in working with QEMU virtualization technologies; familiarity with AMD SEV-SNP secure enclaves is advantageous.
- Hybrid-onsite role based in San Francisco.
Base Salary Range: $175,000 - $240,000/yr
Offers may include a total compensation package comprising base salary, bonuses, and other benefits. Compensation is determined by various factors such as job level, expertise, education, location, and overall experience.
We offer top-tier medical, dental, and vision insurance; disability and life insurance; 401(k); flexible PTO policy along with paid holidays.
About DFINITY and the Internet Computer:
DFINITY is a significant contributor to the Internet Computer Protocol (ICP), aiming to transition global compute onto a secure ICP network. ICP, founded on third-generation blockchain technology, empowers the development and operation of unstoppable, tamper-proof, fully decentralized web applications. ICP's innovative technology enables the execution of complete AI models within smart contracts, a progressive step for secure AI purposes. Through seamless integration with leading networks like Bitcoin and Ethereum, ICP supports multi-chain operations for digital assets and web3.
Join our team of dedicated individuals including respected cryptographers, distributed systems engineers, programming language specialists, and industry pioneers, shaping the direction of the internet and web3 technologies.
DFINITY was established in 2016 by entrepreneur and crypto theorist Dominic Williams.
All qualified applicants will be considered without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.