Remote Golang Offensive Security Engineer - 100% Remote, Blockchain, DeFi

Description:

• Halborn is seeking a Golang Offensive Security Engineer for a 100% remote position, focusing on the blockchain and DeFi sectors.
• The company was founded in 2019 to address adversarial problems unique to the cryptocurrency industry, including breaches, social engineering, and economic hacks.
• The role involves conducting realistic adversary simulations from conception through reporting.
• Responsibilities include testing systems, applications, networks, and processes, researching cutting-edge offensive security techniques, and developing tools and exploits.
• The engineer will communicate risks and required remediations clearly and effectively, both in writing and orally.
• Collaboration and independent work on unique assignments requiring specialized knowledge or experience are expected.
• Compliance with company, division, and professional ethical standards is mandatory.

Requirements:

• Candidates must have a passion for the blockchain industry.
• A minimum of 3 years of experience in application development using Golang is required, with blockchain or smart contract development experience being a plus.
• At least 2 years of offensive security experience is necessary.
• Experience with WASM/BPF is a plus.
• Candidates should have an understanding of system and network administration.
• Proficiency in using common penetration testing tools such as BurpSuite and Metasploit is required.
• Practical experience in reverse engineering and fuzzing is a plus.
• Proficiency in at least one scripting language is necessary.
• Candidates must be proficient with common server and workstation operating systems.
• Proficiency in testing modern web application languages and frameworks is required.
• A deep understanding of Golang-based smart contract runtimes is essential.
• Candidates should be able to think critically and identify technical and non-technical risks.
• The ability to write technical reports and communicate technical content to non-technical audiences is required.
• Relevant security certifications (OSCP, OSCE, GPEN, GWAPT, LPT, CISSP) are a plus but not mandatory.
• Basic knowledge of cryptographic primitives such as public/private keys, hash functions, and Merkle trees is necessary.
• Bonus points for experience with Ethereum clients, Cosmos SDK, IBC, and consensus protocols.
• All candidates who reach the second round must pass a background and criminal record check and provide three relevant references.

Benefits:

• The position offers a full-time salary and equity in the company.
• Employees enjoy unlimited vacation days.
• Company laptops are provided to all employees.
• Opportunities for travel are available.
• Health insurance is dependent on the applicant’s country of residence but is readily available.