Application Security Engineer (Web3)

Moledao

90 - 200K USD
Full-time
Remote

Base location options: Singapore / Malaysia / United Arab Emirates (UAE)


Job Responsibility


  • Conduct security assessments on business systems and infrastructure (Java/Golang/JS/C++), including but not limited to penetration testing, code auditing, and driving vulnerability and risk remediation.
  • Track the latest industry vulnerabilities, conduct analysis and reproduction, perform internal impact assessments, and drive related vulnerability fixes.
  • Integrate security requirements/best practices into the design, development, testing, and deployment phases to ensure the security of the entire software development lifecycle (SDLC).
  • Be familiar with Web3 industry-related products; identify vulnerabilities in business architecture, product processes, and logic, and promote their remediation.
  • Develop security-related documentation such as source code security specifications, security solutions, remediation plans, and security best practices.


Requirements:


  • Bachelor’s degree or above; majors in Computer Science, Information Security, Network Engineering, or related fields are preferred.
  • At least 5 years of work experience in Internet companies or Web3 industry companies, with relevant experience in security testing, auditing, and assessment.
  • Familiar with the principles of common security vulnerabilities (not limited to OWASP Top 10), as well as their discovery methods, exploitation scenarios, mitigation measures, and remediation plans.
  • Familiar with common vulnerabilities in Java/Golang/JS/C++ languages and related frameworks (e.g., Spring MVC/SSM/Gobin/GoZero vulnerabilities).
  • Strong understanding of penetration testing, proficient in common testing tools, code auditing tools, and techniques.
  • Proactive learning ability, strong logical thinking, and excellent communication, organization, coordination, and promotion skills.


Preferred Qualifications:


  • Submitted high-quality vulnerabilities on various national Security Response Center (SRC) platforms.
  • Discovered vulnerabilities in programming languages or development frameworks and obtained high-quality CVEs.
  • Experience in developing tools or platforms.