Job Description
We are seeking a highly skilled Smart Contract Security Auditor to join our team. The ideal candidate will be responsible for conducting comprehensive security audits of both in-house and third-party smart contracts for our exchange platform. This role requires deep technical expertise in blockchain security, vulnerability analysis, and risk mitigation.
Key Responsibilities
- Code Security Auditing: Perform thorough white-box and gray-box security audits of smart contracts, covering business logic vulnerabilities, code implementation flaws, and economic model risks.
- Vulnerability Discovery: Utilize static analysis, dynamic analysis, and fuzz testing techniques to identify critical vulnerabilities (e.g., reentrancy, overflow, oracle manipulation, economic model arbitrage) and develop Proof-of-Concept (PoC) exploit code.
- Audit Reporting: Prepare detailed, clear, and professional security audit reports that accurately describe vulnerabilities, risk levels, and remediation recommendations. Collaborate with development teams to track fixes.
- Security Standards: Contribute to the development and enhancement of smart contract security standards (Secure Coding Standards), audit checklists, and pre-launch security processes.
- Toolchain Development: Research and implement advanced smart contract auditing tools (e.g., Slither, Mythril, Foundry) to improve audit efficiency.
- Security Monitoring: Assist in monitoring live contracts for anomalous behavior and participate in incident response and post-mortem analysis during security events.

Job Requirements
- Minimum 3 years of hands-on experience in blockchain smart contract auditing or security, with preference given to candidates with exchange, DeFi platform, or fintech experience.
- Must have publicly available smart contract audit reports or records of significant vulnerability discoveries (please include links in your resume).
- Expertise in Solidity and EVM architecture principles, with proficiency in Solidity inline assembly. Knowledge of other smart contract languages like Rust or Move is a plus.
- Proficiency in at least one mainstream blockchain development framework (e.g., Hardhat, Truffle, Foundry).
- Experience with automated auditing tools (e.g., Mythril, Slither, MythX) and methodologies including static analysis and fuzz testing, complemented by manual code review skills.
- Familiarity with at least one fuzz testing tool (e.g., Echidna, Medusa).
- Deep understanding of common attack vectors in blockchain ecosystems (especially DeFi) and ability to think from an attacker's perspective.
- Proficiency in scripting languages like Python or Node.js for developing automated audit scripts or data analysis tools.

Benefits
Competitive compensation package to be discussed during the interview process.


