Job Description
1. AI-Driven Security Review System Construction
- Independently build a hybrid AI security review pipeline combining Large Language Models (LLM), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST) to improve routine code audit efficiency by 3x or more.
- Train/fine-tune dedicated Web3 security detection models to achieve automated precision alerts for high-risk areas such as smart contract interaction interfaces, wallet authorization logic, and cross-chain message parsing.
- Continuously optimize AI review prompt engineering and rule libraries to reduce false positives to below 5%, ensuring audit results can directly serve as release decision criteria.
2. Full-Stack Security Auditing for Web3 Applications
- Independently conduct security reviews for frontend (React/Vue), backend (Java/Go), API gateways, and on-chain interaction modules, focusing on Web3-specific vulnerabilities like replay attacks, signature forgery, privilege escalation, and sensitive data leaks.
- Perform supply chain security assessments for third-party SDKs, open-source components, and RPC node services, establishing an AI-assisted real-time dependency risk monitoring mechanism.
- Participate in security shift-left reviews during new product requirements and design phases, producing actionable security design specifications to prevent architectural-level risks at the source.
3. Vulnerability Closure & Emergency Response
- Conduct manual verification and in-depth analysis of high-risk clues flagged by AI, delivering comprehensive audit reports including reproduction steps, remediation plans, and verification test cases.
- Lead full lifecycle management of security vulnerabilities, ensuring development teams complete fixes within SLA and automatically validating remediation effectiveness through AI regression testing.
- Participate in security incident drills, leveraging AI to rapidly generate attack path analysis and damage control plans to reduce MTTR (Mean Time to Respond).
4. Security Knowledge Management & Enablement
- Turn representative vulnerabilities found during audits, and cases where AI improved audit efficiency, into internal knowledge base entries, and regularly organize security training for development teams.
- Track cutting-edge Web3 security trends (e.g., MEV attacks, account abstraction risks, AI-generated code vulnerabilities) to continuously extend the scope of audit coverage.
Job Requirements
- 8+ years of application security/penetration testing experience, including at least 4 years of hands-on Web3/blockchain project security work.
- Advanced AI tool user: able to independently write Python/JS scripts that integrate LLM APIs with security tools, with a proven track record of AI-assisted code auditing, log analysis, or vulnerability discovery.
- Expertise in OWASP Top 10, CWE/SANS Top 25, and Web3-specific security risks (e.g., EIP-712 signature abuse, flash loan attack vectors).
- Proficiency in at least one SAST/DAST tool (Semgrep/SonarQube/Burp Suite/Acunetix), with the ability to write custom rules that extend detection coverage.
- Strong independent thinking and problem-solving skills.
Benefits
Full ownership of business line security reviews with direct reporting to the CEO.