About the Company
Born from groundbreaking research at Columbia University and Yale University, CertiK is a leading Web3 security company focused on securing blockchain protocols, smart contracts, and decentralized applications through cutting-edge security research, formal verification, and AI-powered technology. Founded in 2017 and headquartered in New York City, CertiK provides end-to-end security solutions including smart contract audits, penetration testing, on-chain monitoring, incident response, and compliance services for some of the largest projects in the digital asset ecosystem.
Today, CertiK supports thousands of enterprise clients and Web3 projects globally, with a distributed international team spanning North America, Asia, and Europe. The company is backed by leading investors including Coatue, Goldman Sachs, Insight Partners, and Sequoia Capital, and has been recognized by organizations such as the World Economic Forum and CB Insights for its contributions to blockchain security innovation.
About the Role
The primary responsibility of this role is for CertiK’s security-related services. Intersecting cybersecurity and blockchain, CertiK’s security offerings include security consulting, security reviews, security auditing of smart contracts and blockchains, verification of smart contracts, penetration testing, and more. We are looking to hire someone with a passion for application security and penetration testing. This is a fun and challenging full-time position. If you are excited about hacking, threat modeling, scanning, auditing, designing, and enhancing the security of applications across the board then you will thrive in this role. While you work with clients, we will also provide you with plenty of opportunities to get involved with research and development efforts to help us raise the standards of blockchain security.
Responsibilities
Work with external blockchain developers to audit codes & secure products (smart contracts, protocols & apps/Dapps).
Establish/enforce security policies, manage security vulnerabilities, respond to incidents/exploits & write analysis reports.
Monitor security breaches, defend systems from cyberattacks & provide technical consulting services in cybersecurity.
Conduct penetration tests on web/mobile (Android & iOS) & client application, perform external/internal network security assessment.
Review source code/security design, conduct threat modeling & provide guidance to software development teams.
Contribute to internal security tools & create new ones for improving security services with best engineering practices.
Use static/dynamic analyses to identify flaws or vulnerabilities in smart contracts & propose recommendations.
Assess sandbox/VM/network/core distributed-system code, identify vulnerabilities & build PoC exploits.
Conduct security research, publish findings in technical blog posts & speak at conferences/tech talks/X Spaces, showcasing technical expertise/insights.
Requirements
Master’s degree in Security Informatics/Cybersecurity or a related field.
In-depth knowledge of solidity/smart contract security/Cryptography/Blockchain technology.
Technical expertise in Web3 security, threat/vulnerability management, penetration testing & security review for programs written in Java/JavaScript/Python/C/C++/PHP/Go.
Familiar with cloud platforms such as AWS/Azure/GCP & proficient in Python/JavaScript.
