安全工程师 Web3 Security Engineer

Click link below to apply job 点击下方链接申请岗位

OneKey Recruit

职位要求 Job Requirements

说明 Description

职位要求 Job Requirements

说明 Description

中文 Chinese

要求

  1. 拥有计算机科学、信息安全或相关领域的本科或以上学历。

  2. 至少3年以上的 Web3 或区块链安全相关经验。

  3. 深入理解区块链技术,包括智能合约、分布式网络、去中心化应用等。

  4. 熟悉 Ethereum、Polkadot、Cosmos 等主流的公链和相关的智能合约编程语言,如 Solidity、Rust 等。

  5. 对网络安全和加密技术有深入理解。

  6. 熟练使用至少一种脚本语言,如 Python、JavaScript 等。

  7. 具有强烈的解决问题的能力,以及良好的组织和沟通技巧。

  8. 熟悉符合 ISO 27001、NIST、CIS 或其他相关安全标准的最佳实践。

  9. 优选具有认证信息系统安全专业人员(CISSP)、认证信息安全管理师(CISM)、认证信息安全审核员(CISA)等相关证书。

职责

  1. 审查和改进我们的区块链应用的安全性,包括智能合约和协议级别的安全性。

  2. 开发和实施全面的 Web3 安全框架和策略。

  3. 审查代码和架构,识别和纠正潜在的安全漏洞和错误。

  4. 设计并实施安全审计和安全测试流程,包括渗透测试和漏洞扫描。

  5. 对安全事件进行调查,管理安全事件响应流程,并提供恢复策略。

  6. 保持对行业安全标准和最佳实践的最新了解,以应对新的威胁和漏洞。

  7. 创建并维护公司的数据保护策略和隐私政策。

  8. 与团队合作,提供关于安全问题的培训和意识提高活动。

加分项

  1. 对 DeFi、NFT 和其他区块链技术和应用有深入理解。

  2. 有成功发现并修复过重大安全漏洞的经验,包括在 Bug Bounty 程序中。

  3. 熟悉至少一种形式化验证工具,例如 TLA+ 或 Coq。

  4. 拥有开发或审计 Rust 和 Solidity 代码的经验。

  5. 具备社区影响力,如在网络安全或区块链领域的发表过研究、拥有知名的技术博客或活跃在开源社区。

  6. 对零知识证明、多方计算(MPC)、同态加密等加密技术有深入了解或实践经验。

  7. 在加密货币项目或创业公司中的工作经验。

English

You are familiar with these

  1. Bachelor’s degree or higher in Computer Science, Information Security, or a related field.

  2. At least 3 years of experience in Web3 or blockchain security.

  3. In-depth understanding of blockchain technologies, including smart contracts, distributed networks, and decentralized applications.

  4. Familiarity with mainstream public chains and related smart contract programming languages, such as Solidity, Rust, like Ethereum, Polkadot, Cosmos.

  5. Deep understanding of network security and encryption technologies.

  6. Proficiency in at least one scripting language, such as Python, JavaScript.

  7. Strong problem-solving abilities, as well as good organizational and communication skills.

  8. Familiarity with best practices conforming to ISO 27001, NIST, CIS, or other relevant security standards.

  9. Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are preferred.

Responsibilities

  1. Review and enhance the security of our blockchain applications, including smart contracts and protocol level security.

  2. Develop and implement comprehensive Web3 security frameworks and strategies.

  3. Review code and architecture to identify and rectify potential security vulnerabilities and errors.

  4. Design and implement security audit and testing processes, including penetration testing and vulnerability scanning.

  5. Investigate security incidents, manage security incident response processes, and provide recovery strategies.

  6. Stay up-to-date with industry security standards and best practices to respond to new threats and vulnerabilities.

  7. Create and maintain the company's data protection and privacy policies.

  8. Collaborate with the team to provide training and awareness activities on security issues.

Nice to have

  1. In-depth understanding of DeFi, NFTs, and other blockchain technologies and applications.

  2. Experience in successfully discovering and fixing major security vulnerabilities, including in Bug Bounty programs.

  3. Familiarity with at least one formal verification tool, such as TLA+ or Coq.

  4. Experience in developing or auditing Rust and Solidity code.

  5. Community influence, such as having published research in network security or blockchain, owning a well-known technical blog, or being active in open source communities.

  6. Deep understanding or practical experience of cryptographic technologies such as zero-knowledge proofs, Multi-Party Computation (MPC), or homomorphic encryption.

  7. Experience in a cryptocurrency project or start-up company.