Security Lead(No experience required)
Job TypeFull Time
Visa SponsorshipNot Available
Remote Work PolicyOnsite or remote
Hiring contactJack Sanford
Sherlock believes that a sound currency and functioning financial system should be basic human rights. Sherlock’s mission is to help create an open, uncensorable financial system that is secure enough for billions of people to trust with their life savings.
Smart contract auditing is a good start, but it’s not enough. That's why Sherlock provides protocols with state-of-the-art, incentive-aligned audit contests as well as smart contract exploit coverage and bug bounty coverage.
Sherlock is the only audit provider to offer a "best of both worlds" solution to auditing, as well as back audits with smart contract exploit coverage.
The best of both worlds approach combines traditional auditing (reserving 1-2 highly talented security experts) with an audit contest approach that gets hundreds of eyes on a codebase and surfaces things that teams of 2-4 can just never find.
And Sherlock is the only auditor to offer smart contract exploit coverage behind each audit. If activated, it means Sherlock can pay out USDC if the contracts Sherlock audited get hacked. Sherlock also offers bug bounty coverage for whitehats who find bugs in the later on. No other security player has more incentive alignment with protocol teams and users than Sherlock.
Sherlock has done more smart contract audits than nearly anyone else since launching audit contests in September 2022. Repeat customers include Optimism, GMX, Ajna, Gitcoin, Index Coop, Opyn, Notional, OlympusDAO, Lyra, Perennial and many more.
Join Sherlock's elite team at the ground floor, backed by some of the leading Silicon Valley and crypto venture capitalists including IDEO, Archetype, Dragonfly Ventures, Spartan, A Capital, Scalar Capital, DeFi Alliance, GSR, CoinFund, LedgerPrime, and Synthetix founder Kain Warwick.
Sherlock's culture is fast-moving, intense, and not right for everyone. To excel on this team, you must:
- Be mission-focused. Anyone who is in this for reasons other than creating the best worldwide financial system in history will either get too demotivated to last through multi-year bear markets or get too distracted during the frothy bull markets.
- Be willing to work long, hard and smart. If Sherlock has any advantage, it is the willingness to work harder and think with more discipline than anyone else. This includes thinking from first principles about all important decisions and always thinking in tradeoffs and bets.
- Be an owner. You will get ownership in Sherlock after a short time in this role, so you will be expected to act like you are the owner of a Michelin-star restaurant where no effort or detail to improve the customer's experience is too small for you.
- Be a builder. Everyone at Sherlock is deep in the arena and we are reminded of that every day by the people who sit in the stands (on Twitter or elsewhere) and criticize. There are no "idea people" or managers at Sherlock; everyone is in execution mode first and foremost and gets their hands dirty.
- Be a customer at all times. The customer is always right and if the customer makes a mistake, it is Sherlock's fault for not making the rules, UI or UX, etc. clear enough. It is too easy to sit behind a computer and build in an echo chamber, so we must experience the customer's viewpoint as often as possible.
- Be a professional athlete. Professional athletes opt in to a high-performance, meritocratic culture. This creates an environment that brings out the best in people and rewards each for their respective performance. But it's also an environment where being in the 70th percentile in your role means you will have a short tenure on the team.
- You thrive in a direct, transparent environment. You must be comfortable giving direct feedback to others and receiving direct feedback yourself. "Not ruffling feathers" comes at the expense of moving in a suboptimal direction for too long. Sherlock is extremely transparent internally (and with customers) which means you can get involved in decisions made in any part of Sherlock.
Sherlock is a fast-moving, early-stage crypto protocol. Everyone on the team wears many hats and roles change often.
This role will be focused on a few different aspects of Sherlock. First, your job will be to help the Business Development and Sales teams. These teams are not technical, don't have Solidity knowledge and definitely don't have smart contract security knowledge. Your job is to have all of those things and help the BD/Sales teams build relationships with clients and convince clients to use Sherlock.
Second, your job will be to assist the Marketing team at Sherlock. This means everything from writing up exploits into technical blog posts to defining Sherlock's Twitter strategy and creating repeatable content for Twitter.
Third, your job will be to help the Sherlock audit contest processes go smoothly. This means helping to scope codebases (define the price Sherlock should charge and the length of time the audit should take) and make sure everything in a client's codebase is prepared before an audit contest.
You know that your knowledge base at any given time is woefully incomplete and, especially in crypto, continuously learning and pushing your comfort zone is the only way to evolve and innovate. In the same vein, you know that your design/solution is always wrong, and you must continuously work to make it less wrong. But you also don't get stuck in the trap of optimizing a solution that should not exist in the first place, so you continously question the "requirements" of the problem you are trying to solve. If you're serious about applying for this job and you read this far, please email jack at sherlock dot xyz with 4-sentence answers to these three questions: What excites you about smart contract security? Why are you well-suited to help BD/Sales/Marketing accomplisih their goals from a technical perspective? Why should we hire you over hundreds of other applicants?
If you saw a lot of yourself in the description above, then you should consider applying to this role at Sherlock. Some day-to-day responsibilities include:
- Writing up case studies and other materials to help the BD/Sales teams
- Getting on calls when necessary to support BD/Sales
- Writing up exploit breakdowns and other content for marketing/social media
- Scoping codebases to determine the price and timeline for audit contests
- Helping to make sure a contest is ready to be started (test suite is working, etc.)
- Strong Solidity knowledge
- Intermediate to expert-level web3 security knowledge
- Strong experience with Git/Github
- An interest in the business/marketing side of Sherlock
- Good communication skills (can speak English well, turns camera on for calls, can talk to clients)
- Excitement that cryptocurrencies and smart contract apps will make the world a better place
Nice to Haves
- Expert-level experience with smart contract security
- Experience participating in Sherlock contests as an auditor
- Experience participating in Sherlock contests as a judge
- BD/Sales/Marketing skills in addition to the required smart contract security skills
What's in it for you
- Attractive base (payable in fiat or crypto) + tokens/equity. While the base salary will be competitive, Sherlock prides itself on above-market token compensation, giving you a large stake in Sherlock’s long-term success.
- Flexible time-off policy
- Fully remote and flexible workstyle gives you the autonomy to live and work how you want
- Optional access to shared working space at your local WeWork or equivalent
- Great healthcare including dental (where relevant)
- Multiple offsites each year in places like France, Colombia, Portugal, etc.
- Root access to the decision-making process/criteria in all areas of Sherlock and the ability to work directly with the founders
- Ability to move quickly and get stuff done on a small, elite team that is already making a big impact in the crypto space
- Play a huge role in defining the future of Sherlock and accomplishing the goal of making crypto/DeFi accessible to everyone