Product Security Engineer

Our client is building the next-generation decentralised exchange with a fully on-chain order book. They aim to bring equities on-chain, creating a secure, transparent, and high-performance trading infrastructure that can support institutional volumes while remaining accessible to retail participants. The goal is to deliver a trustless platform that matches the speed and efficiency of traditional trading engines while providing full transparency by running execution as close as possible to the blockchain itself. They are now seeking a hands-on Security Engineer who thrives in a startup environment.

Scope of the Role

You'll work alongside product owners and engineers with the objective to secure the products in client's ecosystem. Products include a next-generation decentralised exchange with a fully on-chain order book, a user-facing application, and a stablecoin. This is a hands-on, technical role. You'll be the person who actively tests the systems, hunts for vulnerabilities, models threats against their products, and works with engineers to close the gaps.

Successful Applicants

The ideal person will come from decentralised exchanges, DeFi protocols, blockchain security firms, L1/L2 chain security teams, or fintech companies with trading infrastructure. We're also open to strong AppSec engineers from cloud-native startups who have genuine interest in web3.

Requirements

• 5+ years of hands-on experience with a focus on application security, penetration testing, or product security.
• Demonstrated ability to find vulnerabilities — through manual testing, architecture and/or code review, or creative attack simulation. You should be able to describe specific bugs you've found and how you found them.
• Practical experience with exchange or trading platform security — from a DEX (preferred) or DeFi protocol. You should understand order book mechanics, transaction flows, wallet security, and the threat landscape specific to trading infrastructure.
• Scripting and automation ability — you write tools and automate to scale security across the stack, not just audit and write reports.
• Experience triaging vulnerabilities and writing clear, actionable remediation guidance for developers.
• Strong written communication in English — you'll write tickets, assessment reports and researcher responses.

Highly Desirable

• Experience with cloud infrastructure security — least-privilege enforcement, network security, secrets management.
• Experience with container security — network policies, RBAC, pod security standards, image scanning, Dockerfile hardening, base image management.
• Ability to read and review code in at least one of: TypeScript/JavaScript, Solidity, Rust.
• Understanding of software supply chain security, including dependency risks, build integrity, and methods for tracking what components are included in shipped software.
• Experience managing or participating in a bug bounty program (e.g. Immunefi, HackerOne).