This position is posted by Jobgether on behalf of a partner company. We are currently looking for an Offensive Security Engineer, Assessments (Web3) in United States.
This role provides the opportunity to strengthen security for blockchain-based products and Web3 applications through advanced penetration testing and bug bounty program management. You will work closely with cross-functional teams and whitehat researchers to identify, assess, and remediate vulnerabilities while shaping the overall security posture of Web3 systems. This position emphasizes hands-on offensive security, strategic program management, and collaboration across engineering and security teams. The ideal candidate combines deep technical expertise in Web3 security with excellent communication skills, a proactive mindset, and a passion for protecting decentralized technologies. You will thrive in a fast-paced, high-impact environment where your work directly influences the safety and integrity of digital assets and user trust.

Accountabilities:
- Conduct comprehensive security assessments of Web3 products, including smart contracts, DeFi protocols, and blockchain infrastructure.
- Lead bug bounty program triage, validation, and strategic initiatives to enhance efficiency, maturity, and hacker engagement.
- Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through assessments and bug bounty submissions.
- Stay informed on emerging Web3 security trends, advisories, and research to continuously improve testing strategies.
- Mentor and train junior security engineers in penetration testing and bug bounty analysis.
- Develop and implement strategies to incentivize high-quality bug bounty submissions and maintain researcher engagement.
- Analyze bug bounty and vulnerability data to identify trends, recurring issues, and opportunities for process improvement.
- Document and report on bug bounty metrics, program effectiveness, and security assessments.

Requirements:
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Software Engineering, or related field.
- 3+ years of experience in Web3 application security, penetration testing, and bug bounty programs.
- Strong understanding of blockchain technologies, including L1/L2 networks, DeFi protocols, and staking mechanisms.
- Knowledge of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25).
- Hands-on experience applying programming concepts in penetration testing, preferably using Python.
- Excellent analytical and problem-solving skills, with a proactive approach to identifying security risks.
- Strong communication and collaboration skills to work with both technical and non-technical stakeholders.
- Passion for continuous learning and staying current in the rapidly evolving Web3 security space.
- Ability to work independently, take ownership of initiatives, and handle high-pressure situations effectively.
- Nice-to-have: security certifications (OSCP, GPEN), CTF or bug bounty participation, cloud or application security expertise, and experience building security tooling.

Benefits:
- Competitive salary range: $152,405–$179,300 USD (location dependent).
- Eligibility for performance bonuses and equity grants.
- Flexible work arrangements with remote-first options and support for team offsites.
- Access to cutting-edge Web3 technologies and security tools.
- Professional growth and learning opportunities within a high-impact security team.
- Collaborative, mission-driven, and inclusive work environment.
Why Apply Through Jobgether?
We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.
We appreciate your interest and wish you the best!
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.
Please let Jobgether know you found this job on Remote3. It helps us get more jobs on our site. Thanks & All the best!
Important: For your security, please only use well-known video meeting platforms like Google Meet or Zoom. Never download unfamiliar software or share sensitive information like wallet addresses or ENS names with recruiters. Doing so might compromise your crypto wallet. If you encounter anything suspicious, please report it immediately to us on Twitter.
Posted on: December 19, 2025