Senior Security Engineer

Senior15 days agoNew York, United StatesSecurity

Domains

Security & Auditing

About the Company

Born from groundbreaking research at Columbia University and Yale University, CertiK is a leading Web3 security company focused on securing blockchain protocols, smart contracts, and decentralized applications through cutting-edge security research, formal verification, and AI-powered technology. Founded in 2017 and headquartered in New York City, CertiK provides end-to-end security solutions including smart contract audits, penetration testing, on-chain monitoring, incident response, and compliance services for some of the largest projects in the digital asset ecosystem.

Today, CertiK supports thousands of enterprise clients and Web3 projects globally, with a distributed international team spanning North America, Asia, and Europe. The company is backed by leading investors including Coatue, Goldman Sachs, Insight Partners, and Sequoia Capital, and has been recognized by organizations such as the World Economic Forum and CB Insights for its contributions to blockchain security innovation.

About the Role

The primary responsibility of this role is for CertiK's security-related services. Intersecting cybersecurity and blockchain, CertiK's security offerings include security consulting, security reviews, security auditing of smart contracts and blockchains, verification of smart contracts, penetration testing, and more. We are looking to hire someone with a passion for application security and penetration testing. This is a fun and challenging full-time position. If you are excited about hacking, threat modeling, scanning, auditing, designing, and enhancing the security of applications across the board then you will thrive in this role. While you work with clients, we will also provide you with plenty of opportunities to get involved with research and development efforts to help us raise the standards of blockchain security.

Responsibilities

  • Lead design and deployment of enterprise-grade security solutions to safeguard internal networks, applications, and infrastructure, ensuring confidentiality, integrity, and availability of mission-critical systems and data.
  • Define and enforce organization-wide security policies and standards; own end-to-end vulnerability management lifecycle and lead cross-functional incident response with engineering, IT, and compliance teams.
  • Oversee real-time threat detection and response operations; conduct forensic investigations and drive root cause analysis for high-impact security incidents to inform long-term defense strategies.
  • Manage and execute comprehensive security assessments across internal and third-party systems, including architecture reviews, endpoint security evaluations, and infrastructure hardening initiatives.
  • Guide secure development practices by applying advanced static and dynamic analysis to identify vulnerabilities and deliver remediation guidance to engineering teams.
  • Conduct threat modeling and risk analysis for high-value systems to proactively identify and mitigate attack vectors and influence system and product architecture.
  • Architect and maintain internal security tooling to expand detection coverage, streamline response workflows, and enhance operational visibility.

Requirements

  • Master's degree in Computer Science, Software Engineering, Security Informatics, or a related field.
  • Expertise in threat modeling and architectural risk assessment using structured methodologies (e.g., STRIDE/DREAD).
  • Advanced knowledge of SSDLC, including static and dynamic analysis, QA practices, and end-to-end vulnerability lifecycle management (tracking, remediation coordination, verification).
  • Strong ability to conduct comprehensive security assessments across network infrastructure, application architecture, and system configurations.
  • Familiarity with cloud environments (AWS/Azure/GCP) and CI/CD deployment workflows.
  • Proficiency in Java and Python with applied skills in secure coding, debugging, symbolic execution, and internal tooling and automation scripting.

Compensation & Benefits

Target annual salary compensation for this role is $130,000 – $160,000. The exact compensation at which this job is filled will be determined by the skills and experience of qualified candidates.

  • Medical, vision, and dental insurance.
  • 401(k) plan with company matching.
  • Life and accidental death and dismemberment insurance.
  • HSA (with high deductible plan) and FSA.
  • Flexible paid time off and holidays.

About the Company

CertiK

CertiK

Explore more opportunities at CertiK.

View Details