Who we are

Immunefi is DeFi's last line of defense and leading bug bounty platform, preventing catastrophic hacks before user funds are stolen. Our team is highly specialized, so we’re looking for talented people who are willing to jump right in and use their expertise to help us protect DeFi. If you’re looking to join a fast-paced, problem-solving environment at the very core of decentralized finance, then read on.

Why we need a DeFi Security Analyst

Timely, appropriate, and thorough response to reported vulnerabilities is the backbone of our business. We need additional help triaging smart contract bug reports. We need to provide great service at the high end: if hackers are to trust us with their critical findings, we need to live up to that trust with timely and appropriate responses. Our evaluation of their bugs from a technical perspective is crucial to our ability to properly reward their hard work. At the low end, we still need to provide great service: we want to help them grow their capabilities so that a bad bug report today turns into a great one in the future.

To be successful in this role...

You will:

  • Review incoming smart contract vulnerability reports and reproduce issues, assessing the severity and impact of each issue within the context of each organization’s threat model
  • Work with hackers to identify missing information in reports, as well as help educate the community when reports are incorrect
  • Write a brief summary for each report, including clear reproduction steps, the impact of the issue, and remediation advice
  • Coordinate with our Customer Success team and customers to ensure smooth triage workflows for any programs you work with
  • Ensure clear and efficient communication between hackers and customers
  • Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success
  • War room with the Immunefi team to help mitigate vulnerabilities as needed

You have:

  • Ability to write top-quality code samples and mini applications to demonstrate the technologies you want to explain
  • Familiarity with vulnerability disclosure and bounty programs, including: report formatting and content, confidentiality and disclosure processes, the importance of clear and quick communication between hackers and customers, program policies, etc.
  • Ability to prioritize and organize operationally complex work, with great attention to detail
  • Top-notch communication skills: the ability to firmly, yet politely, respond to non-issues, as well as identify legitimate issues and communicate them to security teams in an easy-to-understand format
  • Technical knowledge around smart contract security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk

You are:

  • Passionate and excited about the web3 industry
  • A strong communicator with experience communicating complex technical subjects and their consequences to non-technical people
  • A problem solver, and very detail-oriented
  • A proactive self-starter who wants to take as much ownership as possible for their work, and is highly proactive about expanding the scope of their work

Required experience:

  • 1-3 years of programming experience in at least one of: Solidity, Vyper, Rust