Offensive Security Engineer, Assessments (Web3)

This position is posted by Jobgether on behalf of a partner company. We are currently looking for an Offensive Security Engineer, Assessments (Web3) in United States. This role provides the opportunity to strengthen security for blockchain-based products and Web3 applications through advanced penetration testing and bug bounty program management. You will work closely with cross-functional teams and whitehat researchers to identify, assess, and remediate vulnerabilities while shaping the overall security posture of Web3 systems. This position emphasizes hands-on offensive security, strategic program management, and collaboration across engineering and security teams. The ideal candidate combines deep technical expertise in Web3 security with excellent communication skills, a proactive mindset, and a passion for protecting decentralized technologies. You will thrive in a fast-paced, high-impact environment where your work directly influences the safety and integrity of digital assets and user trust.

• Accountabilities:
• Conduct comprehensive security assessments of Web3 products, including smart contracts, DeFi protocols, and blockchain infrastructure.
• Lead bug bounty program triage, validation, and strategic initiatives to enhance efficiency, maturity, and hacker engagement.
• Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through assessments and bug bounty submissions.
• Stay informed on emerging Web3 security trends, advisories, and research to continuously improve testing strategies.
• Mentor and train junior security engineers in penetration testing and bug bounty analysis.
• Develop and implement strategies to incentivize high-quality bug bounty submissions and maintain researcher engagement.
• Analyze bug bounty and vulnerability data to identify trends, recurring issues, and opportunities for process improvement.
• Document and report on bug bounty metrics, program effectiveness, and security assessments.
• Requirements:
• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Software Engineering, or related field.
• 3+ years of experience in Web3 application security, penetration testing, and bug bounty programs.
• Strong understanding of blockchain technologies, including L1/L2 networks, DeFi protocols, and staking mechanisms.
• Knowledge of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25).
• Hands-on experience applying programming concepts in penetration testing, preferably using Python.
• Excellent analytical and problem-solving skills, with a proactive approach to identifying security risks.
• Strong communication and collaboration skills to work with both technical and non-technical stakeholders.
• Passion for continuous learning and staying current in the rapidly evolving Web3 security space.
• Ability to work independently, take ownership of initiatives, and handle high-pressure situations effectively.
• Nice-to-have: security certifications (OSCP, GPEN), CTF or bug bounty participation, cloud or application security expertise, and experience building security tooling.
• Benefits:
• Competitive salary range: $152,405–$179,300 USD (location dependent).
• Eligibility for performance bonuses and equity grants.
• Flexible work arrangements with remote-first options and support for team offsites.
• Access to cutting-edge Web3 technologies and security tools.
• Professional growth and learning opportunities within a high-impact security team.
• Collaborative, mission-driven, and inclusive work environment.

Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching. When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly. Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements. It compares your profile to the job’s core requirements and past success factors to determine your match score. Based on this analysis, we automatically shortlist the three candidates with the highest match to the role. When necessary, our human team may perform an additional manual review to ensure no strong profile is missed. The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team. Thank you for your interest! #LI-CL1 Apply tot his job Apply To this Job