Senior Security Engineer (Penetration Testing)
CertiK is a leading blockchain and Web3 security auditor that provides smart contract auditing and a comprehensive suite of security tools for the crypto industry. Founded in late 2017 by professors from Columbia University and Yale University, CertiK has grown into the largest Web3 security service provider, with headquarters in New York. The company’s services help blockchain projects, exchanges, and enterprises strengthen their security, and CertiK is trusted by major industry players worldwide (e.g. Binance, OKX, and Polygon) to audit and monitor their systems.
About CertiK
CertiK specializes in blockchain cybersecurity, leveraging formal verification techniques and AI technology to secure smart contracts and blockchain protocols across the Web3 ecosystem. The company offers end-to-end security solutions including smart contract and blockchain audits, on-chain monitoring (through its Skynet platform), penetration testing, compliance/AML tools, and advisory services, covering the entire project lifecycle from development to post-deployment. One of the fastest-growing firms in the crypto security sector, CertiK has served nearly 4,000 clients and helped secure over $360 billion worth of digital assets by detecting tens of thousands of vulnerabilities in code. Its clients range from DeFi protocols and layer-1 blockchains to exchanges and wallets – notable examples include projects like Aave, Polygon, Binance Smart Chain, Terra, and more. Backed by top investors such as Sequoia Capital, Tiger Global, Coatue, and Goldman Sachs, CertiK has established itself as a market leader in blockchain security. The company’s mission is to “secure the Web3 world,” applying cutting-edge academic research to real-world blockchain applications to improve safety and trust in the crypto ecosystem.
About the Role
You will perform penetration tests and application security assessments across web, mobile, desktop, and browser extension platforms. You will conduct external and internal network tests, review source code, assess cloud security (AWS, Azure, GCP), and analyze Web3 applications including smart contracts. You will produce clear pentest reports for technical and non-technical audiences, research and develop new testing techniques and tools, and share findings via tools, presentations, and blog posts.
Requirements
- Passionate about cryptocurrency, DeFi, and blockchain, with a willingness to learn Web3 technologies such as smart contracts
- Minimum of 4 years of experience in application security and penetration testing
- Experience in source code review across multiple languages, with a strong understanding of JavaScript and TypeScript
- Experience in mobile application penetration testing
- Familiarity with cloud platforms such as AWS, Azure, and GCP, and with their security risks
- Experience programming with scripting languages such as Python and Bash
- Solid understanding of cryptography
- BS/MS/PhD in Computer Science or Information Security
- Strong spoken and written communication skills
Responsibilities
- Perform security assessments on web applications, mobile applications, thick client applications, and browser extensions
- Conduct external and internal network penetration tests
- Perform security source code reviews
- Perform cloud security reviews
- Develop comprehensive pentest reports for technical and non-technical audiences
- Research and develop pentesting techniques, tools, and methodologies for blockchain applications
- Contribute to the community by developing tools, presentations, and blog posts
Benefits
- Medical insurance
- Vision insurance
- Dental insurance
- 401(k) plan with company matching
- Life and accidental death and dismemberment insurance
- HSA (with high deductible plan)
- FSA
- Flexible paid time off and holidays
- Variable commission program for business development sales roles
