About Immunefi
Immunefi exists to protect the future of money. Immunefi is Web3's last line of defense and leading bug bounty platform, preventing catastrophic hacks before user funds are stolen. Our team is highly specialized, so we’re looking for talented people who are willing to jump right in and use their expertise to help us protect Web3. If you’re looking to join a fast-paced, problem solving environment at the very core of decentralized finance, then read on.
Summary
If Immunefi is Web3’s last line of defense against catastrophic hacks, the Triage team at Immunefi is the internal intelligence division actively confirming and improving the defense strategy. The Smart Contract triager role requires timely, appropriate, and thorough response to reported vulnerabilities. We want to bring on a member of the team that provides great service at the high end - if hackers are to trust submitting their critical findings to us, we need to be able to live up to their trust with timely and appropriate responses. Our evaluation of their bugs from a technical perspective is crucial to our ability to properly reward their hard work. At the low end we still need to provide great service - we want to help them grow their capabilities so that a bad bug report today turns into a great one in the future.
Role Responsibilities
- Review incoming Smart Contract and Blockchain/DLT vulnerability reports and reproduce issues, assessing the severity and impact of each issue within the context of each organization’s threat model
- Triage incoming Bug Report submissions for Code Contests and Attackathons, lead or participate in technical walkthrough calls, support ongoing Boosts/Attackathons by ensuring that duplicates and Chief Finder’s bug reports are correctly marked and triaged, and collaborate with the team to enhance existing processes while proposing your own improvements..
- Work with hackers to identify missing information in reports, as well as help educate the community when reports are incorrect
- Write a brief summary for each report, including clear reproduction steps, the impact of the issue, and remediation advice
- Coordinate with our Bug Bounty Program team and customers to ensure smooth triage workflows for any programs you work with
- Draft, manage, and refine bug bounty programs, ensuring they are effectively designed to attract top talent and deliver valuable security insights. Monitor the progress of these programs and provide continuous feedback for improvement.
- Liaise across & advocate for parties on both sides of the Bug Bounty (Projects & Whitehats), providing advice, support & technical consultation to ensure accuracy of information, fairness of outcome & engagement of users
- Proactively identify and solve issues, as well as accept and quickly respond to delegated work
- Collaborate with the team to continuously improve triage processes, proposing and implementing enhancements that increase efficiency and effectiveness in handling bug reports and managing contests.
Applicant Requirements
- Ability to prioritize and organize operationally complex work, with great attention to detail
- Strong analytical and problem-solving skills, with the ability to quickly assess complex issues and develop effective solutions.
- Deep technical understanding of Smart Contracts, Smart Contract errors & Smart Contract vulnerabilities
- Ability to read and understand majorly popular EVM based Smart Contracts programming languages like solidity, vyper etc.
- Deep technical understanding of Blockchain/DLTs, Blockchain errors & Blockchain/DLT vulnerabilities
- Ability to read and understand majorly popular Rust Based Blockchains programming languages like Solana, Substrate, etc.
- Familiarity with newest Web3 security trends
- Ability to audit the code identifying and highlighting all vulnerabilities found in the code
- Ability to Understand how different DeFi and Blockchain protocols work and ability to apply that knowledge to understand the nature of the vulnerability.
- Ability to quickly understand new DeFi protocols and unfamiliar code bases
- Ability to quickly understand new Blockchain/DLT Networks and unfamiliar code bases
- Top notch communication and writing skills: need to be able to firmly, yet politely, respond to non-issues, non-bias towards the project or whitehat, as well as identify legitimate issues and communicate them to security teams in an easy to understand format
- Technical knowledge around Web3 security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk
- Being a fully remote company, we are willing to consider applicants in any area however due to the needs of our current Projects & Whitehats, we require someone taking this role to have a work schedule aligned to Central / Western European Timezones
Nice-to-have
- Familiarity with different programming languages to understand the blockchain/DLT level applications which are written in Go, Rust, Move, Cairo, Python etc.
- You can write top-quality code samples and mini applications to demonstrate the technologies you want to explain
- Familiarity with vulnerability disclosure and bounty programs, including: report formatting and content, confidentiality and disclosure processes, the importance of clear and quick communication between hackers and customers, program policies, etc.
Working at Immunefi
Immunefi is the foremost Bug Bounty Marketplace in the crypto / Web3 space providing a platform to facilitate the protection of $bn of user funds. We aim for excellence in all we do and want to build a world class team of highly skilled professionals who can help us to scale & develop our company. If you are successful in joining the team, you will be working in a highly collaborative, cross-functional environment where ideas, input & communication are prized. By necessity, the work pace here is rapid and we need people who are able to rapidly immerse themselves. As a fully remote and geographically dispersed team, we require everyone to be capable of autonomous & self-driven work in addition to being able to manage communication across global timezones.
Our Core Values
Always start with the customer - we start with the best outcome for the customer.
Constant vigilance - the safety and success of our customers and the company depend on our high security standards.
Bias for action - we proactively make decisions to drive impactful outcomes.
Always raise the bar for excellence - we build and hold each other accountable for a culture of discipline and excellence.
Think big and bold - we set audacious goals.
Act as an owner and drive outcomes to the finish line - we fully commit to work that best serves the company and our mission.
Build trust, act with integrity - we consistently solve problems and honor our commitments with our team, customers, and community.
What We Offer
- 100% remote-first work environment, flexible schedule
- Autonomous work environment with trusting, smart, reliable team members
- An opportunity to be building an early-stage company in a dynamically evolving market and industry
- An opportunity to build your own path in the company as we continue to evolve and grow
- A global market (it’s fun to meet people from all over the world every day!)
- A chance to make impact and participate in building and securing the ecosystem for smart contracts and the future of money (we’re protecting over $100B in user funds)