Apeing DEX
Senior Penetration Tester & Cybersecurity Auditor – Apeing Labs
Apeing DEX, Fort Lauderdale, Florida, US, 33336
Overview
Apeing Labs is building the future of decentralized trading — a high-speed, Solana-first decentralized exchange (DEX) designed to rival the performance and liquidity of centralized platforms. With a focus on security, deep liquidity, and user trust, our mission is to create the most advanced and secure infrastructure for DeFi traders.
As our volumes grow, security becomes the single most important priority. We are seeking an elite in-house cybersecurity expert to own our security stack end-to-end: from smart contracts to backend trading engines, APIs, and infrastructure.
This role is not advisory — you will be embedded in the core engineering loop, with authority and accountability to keep Apeing Labs unbreakable.
Responsibilities
As Senior Penetration Tester & Cybersecurity Auditor, you will:
Lead offensive and defensive security programs for all Apeing Labs systems.
Conduct regular penetration tests on trading infrastructure, APIs, Solana smart contracts, and web/mobile applications.
Perform full-spectrum security audits of source code, DevOps pipelines, and smart contract deployments.
Develop and enforce security architecture principles for new features and products.
Establish and run incident response protocols, ensuring rapid detection and mitigation.
Mentor developers to embed secure coding practices across the team.
Act as the point of contact for external audits, bug bounty programs, and white-hat researchers.
Core Responsibilities
Conduct red team / blue team exercises simulating real-world attacks.
Audit smart contracts and Solana programs using tools such as Sec3, OtterSec, Halborn, Slither, Foundry.
Harden APIs and trading engines against DDoS, MEV attacks, front-running, and sandwich attacks.
Perform infrastructure and cloud security audits (Kubernetes, Docker, Kafka, Geyser streams).
Design key management, custody, and multisig wallet flows (Squads, Ledger, cold wallet integration).
Set up continuous monitoring for anomalies, intrusion detection, and log analysis.
Maintain compliance with ISO27001, SOC2, GDPR, and DeFi best practices.
Write detailed audit and penetration testing reports, including actionable remediation steps.
Candidate Requirements
Experience (Must-Have):
10–15 years in cybersecurity, penetration testing, and auditing.
Proven track record of securing high-value fintech or DeFi platforms.
Hands-on experience with Solana or Ethereum security models.
Strong expertise in OWASP, NIST, MITRE ATT&CK frameworks.
Familiarity with trading systems, HFT architectures, or low-latency infra.
Previous leadership of red-team engagements with measurable outcomes.
Technical Skills
Pentesting tools: Burp Suite, Metasploit, Wireshark, Nessus, fuzzing frameworks.
Blockchain/DeFi tools: Slither, Echidna, Foundry, MythX, Solana CLI.
Infra/DevOps security: Kubernetes, Docker, CI/CD pipelines, Vault, Kafka.
Programming knowledge (at least two of): Rust, C++, Python, Go, Solidity, TypeScript.
Strong knowledge of cryptography, custody solutions, and key management.
Soft Skills
Ability to translate technical risks into business impact language for leadership.
High level of integrity and confidentiality when handling sensitive data.
Proactive problem solver with an ownership mindset.
Strong leadership and mentoring capabilities.
Custom Application Questions
Describe the most complex penetration test or blockchain audit you’ve performed. What vulnerabilities did you uncover, and how did you address them?
Which Solana or DeFi-specific security tools do you actively use, and how have you applied them in past roles?
Walk us through how you would secure a high-speed trading platform against front-running, MEV, and DDoS attacks.
Blockchain & Smart Contract Security
Deep understanding of Solana’s runtime, accounts model, and SPL token standards.
Knowledge of Ethereum/EVM security principles (since many DeFi attacks originated there).
Familiarity with common attack vectors in DeFi:
Re-entrancy attacks
Flash loan exploits
Front-running / MEV (Miner/Validator Extractable Value)
Sandwich attacks
Oracle manipulation
Cross-chain bridge exploits
Experience auditing smart contracts with tools like Slither, Foundry, Echidna, and Solana-specific analyzers.
Application & API Security
Deep knowledge of OWASP Top 10 vulnerabilities and beyond.
Strong grasp of API-level attack vectors (especially REST & WebSocket APIs in trading).
Familiarity with HFT/low-latency trading systems security (latency exploits, manipulation of order books).
Knowledge of Web3 wallets, signing mechanisms, and key management (Phantom, Ledger, multisig wallets like Squads).
Infrastructure & Cloud Security
Kubernetes, Docker, and container security.
Experience with cloud security hardening (AWS, GCP, or bare metal infra).
Kafka, Geyser, and other Solana data stream security (ensuring no data leakage/manipulation).
Experience setting up monitoring and anomaly detection systems (SIEMs, IDS/IPS).
Cryptography & Custody
Strong applied cryptography knowledge:
Elliptic curve cryptography (Ed25519, secp256k1).
Multi-party computation (MPC).
Threshold signatures.
Knowledge of cold storage / hardware wallets / key sharding strategies.
Building secure custody flows for institutions (multi-sig, time-locks, withdrawal limits).
Compliance & Governance Knowledge
Familiarity with regulatory requirements (ISO27001, SOC2, GDPR).
Knowledge of audit frameworks for exchanges and financial institutions.
Ability to prepare audit-ready documentation for investors and regulators.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Blockchain Services