Security Engineer

About the role:

Injective is seeking a Security Engineer to help strengthen and future-proof the security of our blockchain ecosystem and core infrastructure. This role blends hands-on security engineering with proactive research — you’ll identify and mitigate vulnerabilities, run offensive security campaigns, and help shape Injective’s reputation as one of the most secure ecosystems in Web3.

Responsibilities:

• Perform regular security reviews, penetration tests, and code audits across our chain modules, smart contracts, validator infrastructure, and supporting services.

• Hunt for new vulnerabilities through fuzzing, adversarial testing, and exploit development — at the protocol, network, and application layers.

• Develop internal tools to detect misconfigurations, suspicious activity, and chain-level edge-case exploits.

• Analyze emerging threats in other blockchains, rollups, bridges, or validator networks — assess Injective’s exposure, propose mitigations, and publish findings internally.

• Manage vulnerability scanning pipelines, patch management, and incident response processes.

• Audit internal systems and services (cloud accounts, access control, VPN, GitHub, secrets, endpoints, MDM, etc.) for best practice alignment

• Collaborate with core developers, validators, and external auditors to test, validate, and deploy security fixes.

• Contribute to our bug bounty program and coordinate with the security research community for responsible disclosure.

• Help define and enforce internal security policies, tooling, and education to raise baseline awareness

Who You Are

• 5+ years of experience in security engineering, offensive security, or protocol-level system audits

• Strong experience in security engineering for cloud-native or blockchain-based systems.

• Solid understanding of offensive security: vulnerability discovery, fuzzing, static/dynamic analysis.

• Experience working with or auditing blockchain protocols, validator setups, or smart contracts

• Hands-on experience securing distributed infrastructure (Linux, containers, Kubernetes, cloud networks).

• Familiarity with blockchain architectures (Cosmos SDK, Tendermint, IBC, EVM, CosmWasm, or cross-chain bridges).

• Proficiency in Go or Rust (protocols) or Solidity/CosmWasm (smart contracts) is a plus.

• Comfortable writing PoCs, threat models, or simple fuzzers to validate real-world risk.

• Self-driven, curious, and motivated to think like an attacker and design like a defender.

Bonus Points:

• Experience with Cosmos SDK, IBC, or Injective chain tooling

• Involvement in open-source security research, bug bounties, or CTFs

Why Work With Us:

• Work on high-impact security challenges at the forefront of decentralized finance

• Collaborate with a global team of protocol engineers, devops engineers, and Web3 pioneers

• Competitive compensation, generous token incentives, and flexible remote work