Job Description
This position is responsible for ensuring the security and integrity of blockchain-based systems and applications. The candidate will work closely with development teams to identify, assess, and mitigate potential security risks across all layers of blockchain architecture. Key focus areas include smart contract security, protocol-level vulnerabilities, and the implementation of robust security frameworks for Web3 environments. The role requires proactive measures to prevent security breaches, respond to incidents, and maintain compliance with evolving industry standards. This is a critical role in safeguarding the company's digital assets and user data through comprehensive security strategies.
Key Responsibilities
- Conduct in-depth security reviews of blockchain applications, with a focus on smart contract and protocol-level vulnerabilities. This includes analyzing code for logical flaws, gas optimization issues, and potential exploits.
- Design and implement a holistic Web3 security framework that integrates threat modeling, access control mechanisms, and secure development practices.
- Perform regular code audits and architectural assessments to detect and remediate security weaknesses, ensuring alignment with OWASP Top Ten and other industry benchmarks.
- Establish and maintain security testing protocols, including automated penetration testing, static code analysis, and dynamic vulnerability scanning.
- Lead incident response efforts by investigating security breaches, coordinating with cross-functional teams, and developing recovery strategies to minimize damage.
- Stay updated on the latest blockchain security threats, research emerging attack vectors, and recommend proactive countermeasures to enhance system resilience.
- Develop and maintain data protection policies, privacy frameworks, and compliance documentation to meet regulatory requirements such as GDPR and CCPA.
- Provide security training programs and awareness campaigns to educate developers, stakeholders, and end-users on best practices for secure blockchain interactions.
- Collaborate with legal and compliance teams to ensure security measures align with global data protection regulations and industry standards.
- Document security findings, remediation steps, and audit results to create a centralized knowledge base for continuous improvement.
Job Requirements
- Proven experience in blockchain security, with a minimum of 5 years in smart contract development, auditing, or penetration testing.
- Expertise in cryptographic protocols, zero-knowledge proofs, and secure consensus mechanisms to design robust security solutions.
- Strong proficiency in programming languages such as Solidity, Python, and JavaScript for analyzing and modifying blockchain codebases.
- Knowledge of Web3 security tools like MythX, Slither, and Truffle to automate vulnerability detection and remediation processes.
- Ability to interpret security logs, blockchain transaction data, and smart contract interactions to identify suspicious patterns.
- Experience with security frameworks like NIST Cybersecurity Framework and ISO 27001 to structure enterprise-level security strategies.
- Excellent analytical and problem-solving skills to evaluate complex security scenarios and propose innovative mitigation techniques.
- Strong communication abilities to present technical security findings to non-technical stakeholders and collaborate with development teams.
- Preferred certifications such as Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) for enhanced credibility.
- Ability to work independently and manage multiple security projects simultaneously while maintaining high-quality deliverables.