Binance

US

Offensive Security Engineer, Assessments (Web3)

Full-time, Remote, $152,405 - $179,300
bug bounty
security
blockchain
web3
penetration testing
defi

About the Role

This position is posted by Jobgether on behalf of a partner company. We are currently looking for an Offensive Security Engineer, Assessments (Web3) in the United States.

This role provides the opportunity to strengthen security for blockchain-based products and Web3 applications through advanced penetration testing and bug bounty program management. You will work closely with cross-functional teams and whitehat researchers to identify, assess, and remediate vulnerabilities while shaping the overall security posture of Web3 systems. This position emphasizes hands-on offensive security, strategic program management, and collaboration across engineering and security teams. The ideal candidate combines deep technical expertise in Web3 security with excellent communication skills, a proactive mindset, and a passion for protecting decentralized technologies. You will thrive in a fast-paced, high-impact environment where your work directly influences the safety and integrity of digital assets and user trust.

Accountabilities:

  • Conduct comprehensive security assessments of Web3 products, including smart contracts, DeFi protocols, and blockchain infrastructure.
  • Lead bug bounty program triage, validation, and strategic initiatives to enhance efficiency, maturity, and hacker engagement.
  • Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through assessments and bug bounty submissions.
  • Stay informed on emerging Web3 security trends, advisories, and research to continuously improve testing strategies.
  • Mentor and train junior security engineers in penetration testing and bug bounty analysis.
  • Develop and implement strategies to incentivize high-quality bug bounty submissions and maintain researcher engagement.
  • Analyze bug bounty and vulnerability data to identify trends, recurring issues, and opportunities for process improvement.
  • Document and report on bug bounty metrics, program effectiveness, and security assessments.

Requirements:

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Software Engineering, or related field.
  • 3+ years of experience in Web3 application security, penetration testing, and bug bounty programs.
  • Strong understanding of blockchain technologies, including L1/L2 networks, DeFi protocols, and staking mechanisms.
  • Knowledge of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25).
  • Hands-on experience applying programming concepts in penetration testing, preferably using Python.
  • Excellent analytical and problem-solving skills, with a proactive approach to identifying security risks.
  • Strong communication and collaboration skills to work with both technical and non-technical stakeholders.
  • Passion for continuous learning and staying current in the rapidly evolving Web3 security space.
  • Ability to work independently, take ownership of initiatives, and handle high-pressure situations effectively.
  • Nice-to-have: security certifications (OSCP, GPEN), CTF or bug bounty participation, cloud or application security expertise, and experience building security tooling.

Benefits:

  • Competitive salary range: $152,405–$179,300 USD (location dependent).
  • Eligibility for performance bonuses and equity grants.
  • Flexible work arrangements with remote-first options and support for team offsites.
  • Access to cutting-edge Web3 technologies and security tools.
  • Professional growth and learning opportunities within a high-impact security team.
  • Collaborative, mission-driven, and inclusive work environment.