Security Auditor

About Defense Defense serves as the auditing services arm within Thesis, Inc., the venture studio behind Mezo, tBTC, Fold, Acre, Etcher, Taho and Embody. Our team of senior security and cryptography auditors has extensive experience in the decentralized technology space. In addition, the Defense team has a demonstrated track record in a variety of languages and technologies, including, but not limited to, smart contracts, cryptographic protocols including zk-cryptography, dApps including wallets and browser extensions, and bridges. Defense has extensive experience conducting security audits across a number of ecosystems, including, but not limited to, Ethereum, Zcash, Aleo, Mina, Cosmos, and Bitcoin. As a security auditing team, we are at the forefront of the rapidly evolving crypto and decentralized tech space. Our team of skilled security auditors is responsible for assessing whether projects adhere to security due diligence protocols and best practices, and helping them improve their security in order to minimize the potential for vulnerabilities, broaden their adoption, and improve the overall security of the crypto ecosystem. If you believe you have the right skills for this role, please feel free to apply and read more about what it's like to be working at Thesis. About the Role Defense is seeking 3 - 4 skilled experienced Security Auditors with various backgrounds and areas of expertise to join our team. Security Auditors are responsible for conducting comprehensive and rigorous security audits of both on-chain and off-chain technologies and protocols, including smart contracts, decentralized applications (dApps) like wallets and browser extensions, bridges, cryptographic protocols, consensus mechanisms, digital assets, and more. This role involves analyzing and assessing the security measures of decentralized systems, identifying vulnerabilities, and recommending solutions to minimize the potential attack surface and improve a project’s overall security posture. The ideal candidate should possess deep knowledge of security vulnerabilities in their particular technology / language of expertise, security principles, and the latest in security threats targeting the crypto and web3 ecosystem. This role demands a proactive approach to identifying and mitigating security risks and providing insight into measures to protect data against unauthorized access or breaches in a landscape where innovation and security are paramount. What You'll Do

• Conduct thorough, in-depth security audits across various systems, networks, and applications to identify vulnerabilities and risks.
• Analyze and evaluate cryptographic protocols and encryption techniques used to ensure they meet the highest security standards.
• Develop and implement robust security policies and procedures tailored to the unique challenges of each project being audited.
• Collaborate with development teams to integrate security practices into the development lifecycle.
• Prepare detailed audit reports, documenting audit findings, implications, providing clear and actionable recommendations for addressing identified security issues.
• Stay abreast of emerging security threats, vulnerabilities, and controls in the crypto space, continuously adapting audit strategies to mitigate new risks.
• Provide expert guidance on regulatory compliance and best practices related to security and privacy standards.
• Facilitate security training sessions for technical and non-technical team members to foster a culture of security awareness.
• (Optional) Perform penetration testing and vulnerability assessments on a wide range of crypto projects and technologies. Requirements
• Proven experience in security auditing, with a deep understanding of blockchain technology, smart contracts, and decentralized systems.
• Professional security certifications specific to blockchain technology are highly desirable.
• Working knowledge / expertise of one or more of the following programming languages used in blockchain development, such as Solidity, TypeScript / JavaScript, Go, or Rust is essential.
• Ability to understand complex concepts including source code, system components and their interactions, and the business logic of a protocol.
• Ability to formulate attack vectors and identify security vulnerabilities.
• Excellent analytical, problem-solving, and communication skills, capable of conveying complex security concepts to diverse audiences.
• Effective communication and reporting skills, capable of explaining technical details and recommendations to non-technical stakeholders.
• Detail-oriented with a proactive approach to problem-solving.
• A commitment to continuous learning and staying current with the evolving landscape of security threats and defenses.
• An exceptional team player that works and collaborates well with a team on each project.
• Prior experience working in a fully remote, geographically-distributed workplaces. Location
• All Defense roles are remote-first, with a preference for Europe & Americas (CET +/- 5) time zones to accommodate project needs and collaboration.
• Occasional travel may be required for team meetings, security conferences, and industry events. Number of Positions We are seeking 3 - 4 Security Auditors who are available immediately, or as soon as possible, for full-time engagements on the Defense team. Salary We pay top of the market, variable with experience and a number of other factors. Benefits At Defense, we work in a fun, fast-paced environment that operates by collaborating both remotely and in person when we can. We offer a competitive salary, full health benefits, opportunity for equity and a number of other perks. Our Cultural Tenets We Believe in Freedom and AutonomyWe Have Inquisitive MindsWe Are Obsessed with CommunicationWe Are Proudly OffbeatWe Care About Each OtherWe Are Driven