Agoric is an open-source software development company bringing better security and composability to the decentralized financial infrastructure of today. Agoric is built on a JavaScript library of reusable, composable components coded by experienced community members. Our secure JavaScript smart contract platform allows developers to rapidly build secure applications on top of an ever-growing collection of reusable governance, lending, and trading components.
About this role
As a Security Engineer at Agoric, you will be an integral part of ensuring our smart contracts platform is secure from attack and disruption across multiple facets, including code vulnerabilities, chain attacks, configuration and release management, dependency and supply chain risks, scalability, denial of service, decentralized hosting of our software and the risks that come with it. You will guide the company to identify and resolve potential security risks, as well as putting in place systems and procedures for handling security issues when they occur. You will build upon our company's strong security culture, enabling Agoric and its community to build a rich ecosystem of secure smart contracts. You will work with a team of world-class computer security and programming language developers, cryptographers, economists, business leaders and community builders; all of whom have the mission of making decentralized smart contracts an everyday reality.
What you will be doing
Develop our static analysis and fuzzing programs, with opportunities to build custom tooling to support bug hunting and QA.
Guide the penetration testing program for application security, including supporting security audits.
Perform adversarial testing on frameworks, contracts, core infrastructure, and testnets.
Support our vulnerability disclosure and bug bounty program.
Guide our dependency management program, and maintenance of Agoric's Software Bill of Materials.
Improve, develop, and maintain security documentation including threat models and user interaction diagrams of the Agoric stack.
Support ecosystem security by partnering with various ecosystem stakeholders (e.g. wallets, Dapp developers, inter-chain providers) for audit readiness, emergency coordination, and observability efforts.
Aid the team in incorporating security into our software designs and implementations as a first-class goal.
Participate in team code reviews and threat modeling with fellow engineers, with a keen eye towards information security concerns.
Help improve the stability, scalability, reliability, and maintainability of the Agoric platform through the construction of tools and testing frameworks, integration of open source software, and helping to develop response playbooks and best practices.
Understand the security trends and challenges within the company and in the blockchain / DeFi industries at large. Offer ideas and collaborative solutions to others at Agoric and in the ecosystem.
Participate in open source development on shared resources with external development teams.
What we look for in you
BA, BS, MS, PhD in Computer Science, Software Engineering, or other relevant discipline, or equivalent professional experience
6+ years of experience as a security engineer in challenging environments (high profile / high stakes companies)
Familiarity with blockchain, cryptography, and smart contract languages and frameworks
Experience working with systems design and open-source projects
Nice to haves
Previous experience at a fast-paced, high-growth-stage internet/software company
Experience with JavaScript & Go.
Experience with Cosmos/Tendermint
Agoric is committed to diversity in its workforce and is proud to be an equal opportunity employer. Agoric does not make hiring or employment decisions on the basis of race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law.