Job Description
As a Smart Contract Security Auditor, you will be responsible for ensuring the security and integrity of our blockchain-based systems. Your primary duties will include:
- Smart Contract Security Audits: Conduct manual code reviews for Solidity (EVM) and Move (Sui/Aptos) smart contracts to identify risks such as reentrancy, permission bypass, logic errors, and economic model flaws. Prepare detailed audit reports with actionable remediation suggestions and verify fixes.
- Backend Service Security Reviews: Audit core backend services (e.g., withdrawal approval, API gateways, risk control engines) written in Go/Java/Node.js, focusing on authentication, RBAC/ABAC controls, sensitive operation logging, non-repudiation, and signature verification logic for on-chain interactions.
- Frontend Security Checks: Review critical frontend code (React/Vue/Flutter) involving private key handling, transaction construction, and address display to prevent phishing, address substitution, XSS, and other risks.
- Security Shift-Left: Participate in requirement reviews and architecture design to identify risks early. Develop and enforce security coding standards and vulnerability checklists, integrating them into CI/CD pipelines. Provide security training and code examples to development teams.
- Toolchain Development & Automation: Integrate and optimize static analysis tools (e.g., Slither, Semgrep, SonarQube). Develop internal audit scripts for boundary test case generation and gas anomaly detection.
- Incident Response: Quickly identify root causes during security incidents and assist in developing hotfix solutions.
Job Requirements
- 5+ years of software development or security auditing experience, with at least 1 year focused on Web3 smart contracts or financial system security.
- Expertise in Solidity auditing and deep understanding of EVM mechanics (e.g., delegatecall, storage layout, gas limits).
- Familiarity with common Web3 attack vectors (reentrancy, flash loan manipulation, oracle manipulation, signature replay) and mitigation strategies.
- Proficiency in reading backend code (Go/Java/Node.js) to assess business logic and security boundaries.
- Prior experience auditing or developing CEX, DEX, wallets, or DeFi protocols is a strong plus.
- Strong sense of responsibility, attention to detail, ability to work under pressure, and excellent communication skills.
Benefits
Opportunity to build technical security infrastructure from the ground up at a fast-growing startup CEX. You'll play a pivotal role in shaping security best practices and directly impact the safety of our platform's users and assets.