ZetaChain

Web3 Product Security Engineer (Senior/Lead)

ZetaChain, San Francisco, California, United States, 94199

About ZetaChain

We're building something ambitious at ZetaChain: the first universal blockchain that connects everything—Bitcoin, Ethereum, every chain. We're backed by top investors, live on mainnet, and building the future of blockchain technology. If you're excited about working on big, meaningful problems with a world-class team, you're in the right place.

We are seeking a hands-on Web3 Product Security Engineer to build and lead a security program that protects our ecosystem developers and partners. You’ll be a key member of our security team and responsible for safeguarding the ZetaChain ecosystem and users.

Why You Want To Work Here

Impactful Role:

Build a top-tier security program for the growing ZetaChain ecosystem with all the support you need from senior leadership.

Remote Flexibility:

Enjoy the freedom and flexibility of a remote work environment, plus quarterly team meetups to get to know each other in person.

Cutting-Edge Technology:

Work with the latest advancements in blockchain technology and cryptography.

Commitment to Open Source:

We are committed to supporting open source software and use high-quality open source tools internally when possible.

Find out more about our high performance culture.

Job Description

This role will run the ecosystem security program, helping independent developers building on the ZetaChain platform keep their applications and users secure. This includes establishing secure-by-default templates, using automated or AI-powered security tools, coordinating audits, and participating in code reviews.

You’ll work directly with independent third-party developer teams of all sizes to help them securely build and maintain their blockchain applications. These teams are critical to our ecosystem’s growth.

The ideal candidate has a strong background in product security, TypeScript/JavaScript/React programming, and Web3 development, along with deep knowledge of wallet security, dApp threat modeling, and account abstraction (EIP-4337). You should be comfortable acting as both a technical expert and a trusted partner to external teams.

Responsibilities

Work directly with external ecosystem developers to advise on smart contract, dApp, and wallet security best practices

Lead or coordinate security audits and penetration tests for ecosystem projects, and drive timely remediation of findings

Develop and implement innovative security testing that scales across multiple projects

Analyze new and emerging dApp and wallet attack vectors (phishing, session hijacking, malicious npm packages, RPC manipulation)

Contribute to and help manage the bug bounty programs by validating and triaging reported vulnerabilities

Create and maintain security guidelines, best practices, and documentation tailored for ecosystem developers

Requirements

Location:

Hybrid in San Francisco is preferred (2-3 days a week)

Open to fully remote for exceptional candidates who align with US time zones

3+ years of experience in cybersecurity, with a focus on blockchain and Web3 technologies

2+ years of software development experience working with smart contracts (ideally Solidity)

Experience with security tools and techniques specific to blockchain environments

Deep familiarity with common attack vectors in Web3, such as flash loan attacks, reentrancy, and oracle manipulation

Strong understanding of wallet security (EIP-712, SIWE, etc.), account abstraction (EIP-4337), smart contract vulnerabilities, and DeFi-specific risks

Familiarity with common tools and frameworks like Foundry, Slither, Tenderly, Wagmi, viem, RainbowKit

Strong analytical and problem-solving skills with attention to detail

Excellent communication skills and ability to explain complex security concepts to both technical and non-technical audiences

Preferred Qualifications

Experience with Ethereum, TON, Solana, Sui, and other major blockchain protocols

Previous experience auditing code (Solidity, React, TypeScript, Rust, FunC, etc.)

Contributions to open-source blockchain security tools or research

Active participation in bug bounty programs or capture-the-flag (CTF) competitions

Experience implementing and managing automated security testing pipelines

Familiarity with formal verification techniques for smart contracts

Understanding of zero-knowledge proofs and their blockchain applications

Familiarity with emerging AI security practices such as securing MCP servers and manipulating LLMs

In-Office Culture

This is a remote position, but we will prioritize applicants based in the Bay Area. Many members of our team work hybrid from our San Francisco office, and we aim for 2 to 3 in-office days per week. We know life happens, whether it’s travel, appointments, or family needs, and we’re flexible when the schedule needs to shift. The company is a mix of fully remote and hybrid team members.

Compensation

Base Salary: $150,000 – $210,000 (San Francisco benchmark)

This range reflects base salaries for roles in the San Francisco market. For candidates in other locations, compensation is adjusted to remain competitive within their local market.

In addition to the base salary, all full-time team members receive an additional 10% to 25% in liquid benefits with upside based on role, experience, and impact. We believe in building together and sharing in the long-term success of the network. Compensation packages are designed to be competitive and aligned with the growth of both the team and the ecosystem.

Let’s build the first Universal Blockchain together.