Information Security Engineer, Product

About the Role

Aptos is a people-first blockchain on a mission to provide universal and fair access to decentralized assets in a safe and scalable way. Founded by the original creators and maintainers of the Diem blockchain, the company has dedicated several years to this mission. The open-source Diem technology is an important foundation for a safe and scalable web3 world, where everyone has more equitable opportunities to grow and access financial assets with lower fees and fewer intermediaries.

What You Will Do

• Analyze and assess novel and recurring security issues via design reviews, code audits, and penetration tests.
• Design and build security tools and develop mitigations, frameworks, and hardening strategies tailored for vulnerability prevention and detection.
• Review and develop secure operational practices and provide security guidance for engineers.
• Respond to and triage reports from bug bounty programs.
• Collaborate with cross-functional teams, including development and operations, to ensure the security of Aptos' products and infrastructure.
• Develop and maintain documentation for security processes and procedures.
• Participate in the development of security roadmaps and strategies.
• Conduct security research and stay up-to-date with the latest threats and technologies.
• Develop and deliver training and awareness programs for engineers and other stakeholders.

What We Are Looking For

• B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.
• 3+ years of experience in vulnerability research and exploitation.
• Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.).
• Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.).
• Strong understanding of computer systems, networks, and security principles.
• Excellent problem-solving skills and the ability to work in a fast-paced environment.
• Experience with virtual machines or complex runtime environments, such as MoveVM, EVM, WASM, or LLVM-based runtimes.
• Familiarity with smart contract programming languages, security tools, and frameworks, including formal verification.

Nice to Have

• Contributions to the security community (public research, blogging, talks in relevant conferences, etc.).
• Experience with virtual machines or complex runtime environments, such as MoveVM (extra bonus), EVM, WASM, or LLVM-based runtimes, including their security models, sandboxing, and execution isolation.
• Familiarity with smart contract programming languages (extra bonus for Move), security tools, and frameworks, including formal verification.

Benefits and Perks

• 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees).
• Equipment of your choice.
• Flexible vacation time, 11 holidays, and floating company days off.
• Competitive Salary.
• Protocol Token Grants.
• 401k matching (US Employees).
• Fun and inclusive in-person and digital events.
• Opportunity to work on groundbreaking web3 security initiatives.
• Collaborative and dynamic work environment.
• Professional development opportunities.

• Develop a strong understanding of web3 security principles and stay up-to-date with the latest threats and technologies.
• Showcase your expertise in security analysis tooling and frameworks, such as fuzzing and static analysis.
• Prepare to discuss your experience with native development practices and common vulnerability patterns.
• Highlight your ability to influence security best practices and lead initiatives that shape the future of web3 security.
• Be prepared to provide examples of your contributions to the security community, such as public research or talks in relevant conferences.
• Make sure to research Aptos' technology and products, and be ready to discuss how you can contribute to the company's mission.
• Practice your problem-solving skills and be prepared to walk through your thought process during the interview.