Auditing Engineer III (Full Time, Anywhere)

Posted:
10/9/2024, 3:52:49 AM

Location(s):
California, United States ⋅ San Francisco, California, United States

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
Software Engineering

Workplace Type:
Remote

As a smart contract auditor, you will be at the forefront of Web3, using a hacker mindset to identify vulnerabilities in target contracts of mainstream projects, including bridges, DeFi protocols, wallets, oracles, virtual machines, and much more. Come and join us in our mission of securing the blockchain!

This position is for candidates with an in-depth understanding of blockchain and smart contracts. To succeed in our testing for Auditing Engineer III, you must be well-versed in Ethereum, with a solid understanding of economic attacks, smart contract design patterns, issues with protocol integration, and the inner workings of the Ethereum Virtual Machine. You can identify complex bugs and vulnerabilities in large code bases. As a senior auditor, knowledge of the existing DeFi landscape is a must.

This job is fully remote - you can work from anywhere in the world!

Candidate Profile

  • Background in Computer Science or any related field such as Mathematics & Physics.

  • Loves to find bugs in software systems and has a great eye for detail.

  • Fluent English communication, both written and spoken.

  • Fluent in reading and writing medium (1 KLOC) to complex (> 10 KLOC) Solidity smart contracts.

  • Knows the DeFi ecosystem landscape.

  • Knows the main EIP standards and smart contract design patterns.

  • Knows the major Ethereum smart contract security issues and economic attacks.

  • Knowledge of how the EVM works.

  • Hands-on experience with auditing supporting tools, including static analyzers and fuzzers.

  • Understanding of different consensus mechanisms.

  • Knows at least another ecosystem outside the EVM realm.

  • Knows the major security issues in Web2.

  • Partial availability (2-6h) during EST work hours to allow for communication with the team.

Nice to Have

  • Extensive knowledge of computer and network security.

  • Hands-on experience with blockchain projects.

  • Reading proficiency in Rust.

  • Pentesting skills and knowledge of traditional Web2 security.

  • Hands-on experience with L2 scaling solutions, including optimistic and zero-knowledge-based roll-ups.

Responsibilities

  • Perform code reviews/audits of blockchain projects in small teams of engineers.

  • Help in the development and research efforts within Quantstamp.

  • Interact with other team members to discuss the likelihood and impact of findings.

  • Write and review audit reports before they are shared with the customer.

  • Mentor junior team members.

  • Interact with customers to clarify technical requirements and answer technical questions.

Optional Opportunities

  • Perform research on a new topic in the crypto space and provide internal “Lunch and Learn” (LnL) sessions. There is an option to also record and publish LnLs on YouTube or other social media platforms.

  • Participate and/or speak at international conferences and workshops about smart contracts and blockchain security.

  • Work on internal research projects, building PoCs, forking and changing open-source tools, running experiments, etc.

  • Write (academic) papers and collaborate with top-tier universities on the topic of smart contracts and blockchain security.

  • Write patents related to smart contracts and/or blockchain.