Summary

At Aptos Labs we’re pioneering the future of web3 and need a passionate Application Security Engineer to help secure our ecosystem. In this role, you’ll be at the forefront of safeguarding our Aptos core infrastructure and Aptos Labs products. Your proactive approach will help us identify and mitigate emerging threats, ensuring our systems remain resilient and trustworthy. You will work closely with our developers, influence security best practices, and lead initiatives that shape the future of web3 security.

Responsibilities

1. Analyze and assess novel and recurring security issues via design reviews, code audits, penetration tests.
2. Respond to and triage reports from bug bounty programs.
3. Design and build security tools, develop mitigations, frameworks and hardening strategies tailored for vulnerability prevention and detection.
4. Review and develop secure operational practices, and provide security guidance for engineers.

Minimum Qualifications

1. B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.
2. 3+ years of experience in vulnerability research and exploitation.
3. Experience with native and web programming languages, development practices, and common vulnerability patterns (e.g. Rust, TypeScript, etc.)
4. Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.)

Preferred Qualifications

1. Contributions to the security community (public research, blogging, talks in relevant conferences, etc.)
2. Familiarity with smart contracts programming languages (extra bonus for Move), security tools and frameworks, including formal verification.
3. Experience with order books, perpetual dex, liquidity pools mathematics and broader DeFi protocols.

The base salary range for this full-time position is $150k -$200k.

Skills

• Rust
• Software Engineering
• TypeScript