Smart Contract Triager
Immunefi exists to protect the future of money. Immunefi is DeFi's last line of defense and leading bug bounty platform, preventing catastrophic hacks before user funds are stolen. Our team is highly specialized, so we’re looking for talented people who are willing to jump right in and use their expertise to help us protect DeFi.
If Immunefi is Web3’s last line of defense against catastrophic hacks, the Triage team at Immunefi is the internal intelligence division actively confirming and improving the defense strategy. The Smart Contract Triager role requires timely, appropriate, and thorough response to reported vulnerabilities. We want to bring on a member of the team that provides great service at the high end - if hackers are to trust submitting their critical findings to us, we need to be able to live up to their trust with timely and appropriate responses. Our evaluation of their bugs from a technical perspective is crucial to our ability to properly reward their hard work. At the low end we still need to provide great service - we want to help them grow their capabilities so that a bad bug report today turns into a great one in the future.
- Review and assess submitted vulnerabilities in smart contracts to determine their validity.
- Prioritize the severity of vulnerabilities based on potential impact, likelihood, and other relevant factors.
- Ability to do analytics of the protocols - like funds at risk calculations - using Dune or bitqueries.
- Reproduce the vulnerability in various frameworks like Foundry, Hardhat, Brownie, etc.
- Review and understand the nature of the dispute, whether it's related to vulnerability assessment, bounty payment, or other aspects of the bug submission.
- Utilize expertise in relevant technologies to assess the validity and severity of the reported vulnerability, ensuring unbiased judgment.
- Work towards a resolution that is perceived as fair and reasonable by both the security researcher and the company.
- Ensure that the mediation process upholds the principles and guidelines of the bug bounty program, fostering trust and reliability within the community.
- Responsible for articulating mediation points with clarity and precision, ensuring that all communications are both concise and transparent. Must employ advanced writing skills to guarantee mutual understanding between parties, recognizing that effective communication is pivotal to successful mediation outcomes.
- Provide timely feedback to responsible team members regarding the status of their submission.
- Maintain open lines of communication with relevant internal stakeholders about critical vulnerabilities and their potential impact.
- Stay updated with the latest developments, best practices, and trends in smart contract vulnerabilities and blockchain security.
- Participate in training sessions, workshops, or conferences related to Web3 and blockchain security.
- Foster a sense of community and trust among the contributors by being transparent, approachable, and respectful.
- Participate in community events, AMAs, or forums to answer questions, provide guidance, and promote the Bug Bounty Platform.
- Collaborate with other teams, like public relations or legal, in case of high-profile or sensitive vulnerabilities.
- Provide feedback on the bug bounty platform's processes and tools to ensure they remain efficient and contributor-friendly.
- Suggest improvements or new features that could enhance the experience for contributors and streamline the triage process.
- In the case of critical vulnerabilities or public exposures, coordinate with relevant teams to manage the situation, ensuring swift resolution and minimal harm.
- Strong understanding of smart contract development and vulnerabilities.
- Familiarity with blockchain platforms like Ethereum, Optimism, L2s, ZK-Proofs
- Must possess a minimum of 2-3 years of experience specifically in Web3 security roles, with a deep understanding of decentralized application vulnerabilities and associated threat landscapes.
- Ability to analyze and categorize vulnerabilities based on severity, potential impact, and exploitation likelihood.
- Exceptional written and verbal communication skills to provide clear feedback to security researchers and internal stakeholders.
- Capable of explaining technical details in an understandable manner to non-technical audiences.
- Demonstrated ability to collaborate with developers and researchers to devise effective solutions for identified vulnerabilities.
- Capability to prioritize tasks and respond swiftly to critical vulnerabilities, ensuring the platform's timely defense.
- Ability to work collaboratively within an internal team, fostering a positive work environment.
- Open to receiving feedback and continuous learning.
- Adherence to high ethical standards, ensuring confidentiality and integrity in all operations.
- Willingness to stay updated with the latest developments in blockchain technologies, smart contract vulnerabilities, and DeFi trends.
Customer Service Orientation:
- A mindset geared towards assisting and guiding security researchers, promoting a culture of growth and mutual respect.
Listed in: Crypto Jobs, Remote Web3 Jobs, Non Tech Web3 Jobs, Legal Web3 Jobs, Community Web3 Jobs, Operations Web3 Jobs, Security Web3 Jobs, Web3 Crypto Jobs, Swift Crypto Jobs, DeFi Crypto Jobs, Ethereum Web3 Jobs, Zk Crypto Jobs, Public Relations Web3 Jobs, Smart Contract Crypto Jobs, Contract Crypto Jobs, Full Time Crypto Jobs.
Let Immunefi know that you found this job on CryptoJobsList. This helps us get more companies to post web3 jobs here!