Sr. Security Engineer (Penetration Testing)

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Sr. Security Engineer (Penetration Testing) based in United States.

In this role, you will operate at the intersection of cybersecurity and blockchain innovation, helping secure next-generation decentralized applications and infrastructure. You will perform advanced penetration testing across web, mobile, cloud, and blockchain environments, identifying vulnerabilities before they can be exploited. The position involves hands-on technical work combined with client-facing security consulting and reporting. You will collaborate with experienced security researchers and engineers in a fast-paced, highly technical environment. Beyond client engagements, you will also contribute to internal research and the development of new offensive security tools and methodologies. This is a high-impact role where your work directly strengthens the security of Web3 ecosystems globally.

• Perform in-depth security assessments across web applications, mobile applications, thick clients, and browser extensions, identifying vulnerabilities and attack paths.
• Conduct internal and external network penetration testing, including cloud environments such as AWS, Azure, and GCP, while evaluating security configurations and risks.
• Execute source code reviews and security audits across multiple programming languages, with emphasis on JavaScript and TypeScript ecosystems.
• Develop detailed penetration testing reports tailored for both technical teams and executive stakeholders, clearly communicating findings and remediation guidance.
• Research and build innovative tools, frameworks, and methodologies to improve penetration testing effectiveness in blockchain and decentralized systems.
• Contribute to the broader security community through publications, presentations, and open-source tool development.

Requirements:

• Strong passion for cryptocurrency, decentralized finance, and blockchain technologies, with willingness to learn smart contract ecosystems.
• Minimum of 4 years of experience in application security and penetration testing.
• Strong experience in source code review and secure software analysis across multiple languages, especially JavaScript and TypeScript.
• Hands-on experience in mobile application security testing and exploitation techniques.
• Solid understanding of cloud security principles across major platforms including AWS, Azure, and GCP.
• Proficiency in scripting and automation using Python and Bash.
• Strong understanding of cryptography fundamentals and applied security concepts.
• Degree in Computer Science, Information Security, or a related technical field.
• Excellent written and verbal communication skills for technical and non-technical audiences.

Benefits:

• Competitive annual base salary ranging from 100,000 to 180,000 US dollars depending on experience and qualifications.
• Comprehensive health coverage including medical, dental, and vision insurance.
• 401(k) retirement plan with company matching contributions.
• Health savings account and flexible spending account options.
• Life and accidental death and dismemberment insurance coverage.
• Flexible paid time off and company holidays for better work-life balance.
• Opportunity to work in a highly specialized and fast-growing security domain within Web3.