Product Security Engineer - Hashgraph

• •Conduct end-to-end security assessments of blockchain-based systems, from cryptographic primitive design and protocol architecture through smart contract implementation and deployed infrastructure.
• •Find real vulnerabilities through hands-on review, adversarial testing, and proof-of-concept exploit development, not just automated scanning.
• •Design adversarial test cases and proof-of-concept exploits for Hedera-native services, EVM-compatible contracts, cross-chain bridges, and consensus-layer components.
• •Own threat modeling and security architecture reviews across product phases.
• •Define and enforce security gates before new components reach production.
• •Partner directly with engineering teams to translate cryptographic and protocol-level risks into concrete, prioritized remediation work.
• •Build and improve security tooling, fuzzing infrastructure, and CI/CD security automation to scale security coverage without scaling headcount.
• •Track emerging blockchain and web3 attack patterns, map them to the internal codebase, and drive proactive mitigation before threats materialize.

Core capabilities:

• •Hands-on vulnerability discovery and security testing across blockchain protocols, smart contracts, nodes, and APIs.
• •A track record of catching real bugs, not just running automated scans.
• •Strong threat modeling and security architecture review experience applied to distributed cryptographic systems.
• •Experience assessing cross-chain protocols, threshold signature schemes, or other cryptographic systems with complex trust assumptions.
• •Deep working knowledge of applied cryptography, including BLS signatures, pairing-based schemes, polynomial commitments, and Fiat-Shamir constructions.
• •Ability to reason about cryptographic failure modes and how they show up in production systems.
• •Direct experience auditing or breaking a cross-chain bridge.
• •Ability to reason through trust model tradeoffs, including state proof, multisig, and oracle attestation models, and what each means for the attack surface.

• •Blockchain security and secure coding practices across EVM-compatible and non-EVM chains.
• •Security testing tooling, including static analysis, dynamic analysis, and fuzzing.
• •Experience developing custom fuzzing harnesses or security test infrastructure.
• •Ability to read and audit Rust and/or Java cryptographic code.
• •Understanding of memory safety, constant-time correctness, secret handling, and security risks at JNI boundaries.

• •Experience designing and operating grammar-aware fuzzing campaigns against gRPC, JSON-RPC, or protocol-level endpoints.
• •Experience building classifier pipelines to distinguish security signal from noise.
• •Prior work on Ethereum consensus client security.
• •Prior work on production threshold signature systems.
• •Experience building security automation tooling.
• •Experience integrating AI-assisted workflows into security review and triage processes.