Senior Information Security Engineer – Application Security Focus

🕒 May 8

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Hexens

WebsiteLinkedInAll Job Openings

51 - 200 employees

🔒 Cybersecurity

🌐 Web 3

💰 Seed Round on 2022-10

Cybersecurity • Web 3

Hexens is a cybersecurity consulting company specializing in securing digital assets and data with innovative solutions. The company is renowned for its 360º cybersecurity platform, equipped with cutting-edge technology designed to reshape Web3 security. Hexens offers a range of services, including smart contract audits, blockchain security, penetration testing, and compliance advisory. The firm is trusted by leading organizations for its deep knowledge, attention to detail, and unique approach to cybersecurity challenges. Hexens is particularly focused on providing a superb customer experience and ensuring the highest quality security for digital assets, especially in the Web3 space.

📋 Description

• Alongside our off-chain security lead, plan and deliver advanced application security assessments against API services, application front-ends, wallet software, browser plugins, mobile apps, and SDKs. • Collaborate with leading smart contract auditors and cryptography researchers, leveraging your application security expertise to assess attack surfaces outside their on-chain specializations. • Work to identify technical vulnerabilities, architectural flaws, and ways to mitigate future risk in the crucial junctions between off-chain and on-chain systems. • Interact with developers and key stakeholders when identifying and handling security issues. • Deliver clear and concise reporting on issues and attack paths identified.

🎯 Requirements

• At least 5 years experience, or equivalent technical expertise, delivering offensive security services, with a primary focus on application security. • Expert-level web application and API security experience, with proficiency assessing apps with modern web frameworks, and identifying advanced client-side, back-end, and business logic attacks. • Experience assessing mobile applications (Android/iOS), browser extensions, and desktop applications. • Practical experience finding complex vulnerabilities and attack paths in Golang, Rust, TS/JS, Python, Java, or C-based codebases during white/grey-box appsec assessments. • Working knowledge of cloud, CI/CD, container, CDN, and network security concepts, and how they apply to application security. • Knowledge or willingness to learn web3 security concepts and how they apply to web3-centric applications. • Decent scripting and automation skills. • Assisting with scoping requirements for application security work. • Strong client-facing and soft skills. • Big plus if any of the following apply: Significant web2 bug bounty/vulnerability disclosure history. Prior experience as a smart contract auditor or onchain-focused security researcher. Prior experience developing or integrating DeFi protocols, smart contracts, wallet services, or other web3 services. Advanced relevant security certifications (OSWE, Burp Suite Certified Professional, etc.)

🏖️ Benefits

• Work alongside industry-leading specialists • Opportunity to work with the most exciting and prominent companies in the industry • Highly competitive salary • Great work environment