Contractor Security Engineer

Agoric is an open-source software development company bringing better security and composability to the decentralized financial infrastructure of today. Agoric is built on a JavaScript library of reusable, composable components coded by experienced community members. Our secure JavaScript smart contract platform allows developers to rapidly build secure applications on top of an ever-growing collection of reusable governance, lending, and trading components. 

About this role

As a Security Engineer at Agoric, you will be an integral part of ensuring our smart contracts platform is secure from attack and disruption across multiple facets, including code vulnerabilities, chain attacks, configuration and release management, dependency and supply chain risks, scalability, denial of service, decentralized hosting of our software and the risks that come with it. You will guide the company to identify and resolve potential security risks, as well as putting in place systems and procedures for handling security issues when they occur. You will build upon our company'™s strong security culture, enabling Agoric and its community to build a rich ecosystem of secure smart contracts. You will work with a team of world-class computer security and programming language developers, cryptographers, economists, business leaders and community builders; all of whom have the mission of making decentralized smart contracts an everyday reality. 

What you will be doing

• Develop our static analysis and fuzzing programs, with opportunities to build custom tooling to support bug hunting and QA. 
• Guide penetration testing program for application security, including supporting security audits. 
• Perform adversarial testing on frameworks, contracts, core infrastructure, and testnets.
• Support our vulnerability disclosure and bug bounty program. 
• Guide our dependency management program, and maintenance of Agoric'™s Software Bill of Materials.
• Improve, develop, and maintain security documentation including threat models and user interaction diagrams of the Agoric stack.
• Support ecosystem security by partnering with various ecosystem stakeholders (e.g. wallets, Dapp developers, inter-chain providers) for audit readiness, emergency coordination, and observability efforts. 
• Aid the team in incorporating security into our software designs and implementations as a first class goal.
• Participate in team code reviews and threat modeling with fellow engineers, with a keen eye towards information security concerns 
• Help improve the stability, scalability, reliability, and maintainability of the Agoric platform through the construction of tools and testing frameworks, integration of open source software, and helping to develop response playbooks and best practices.
• Understand the security trends and challenges within the company and in the blockchain / DeFi industries at large. Offer ideas and collaborative solutions to others at Agoric and in the ecosystem.
• Participate in open source development on shared resources with external development teams

What we look for in you

• BA, BS, MS, PhD in Computer Science, Software Engineering, or other relevant discipline, or equivalent professional experience
• 6+ years of experience as a security engineer in challenging environments (high profile / high stakes companies)
• Familiarity with blockchain, cryptography, and smart contract languages and frameworks
• Experience working with systems design and open-source projects

Nice to haves

• Have previous experience at a fast paced, high growth stage internet/software company
• Experience with Javascript & Go.
• Experience with Cosmos/Tendermint