Web3 Security Research Engineer, OneSavieLab

Job Overview

MAMORI is an AI-driven real-time virtual asset monitoring and alert system. We have integrated a variety of the latest AI models and analyzed thousands of past hacking incidents to assist governments and institutions in predicting various aspects of asset risks on the blockchain. Our vision is to maximize the power of AI to automate the resolution of various challenges faced by government agencies and institutions in regulating and monitoring global web3 projects, all of which can be addressed through MAMORI.

Location  

Taipei, Taiwan

Responsibilities 

You will play a pivotal role in enhancing the security and integrity of Web3 projects and businesses. Collaborating closely with product owners at MAMORI, security auditors at OneInfinity, and red team researchers at Cymetrics to work on

• Smart Contract Audit Projects: Plan and execute smart contract audits, assist clients in identifying and mitigating vulnerabilities, and verify the effectiveness of remediations.
• Penetration Testing: Focus on conducting penetration tests specifically targeting smart contract risks within Web3 projects and businesses, identifying vulnerabilities, and suggesting improvements.
• Tool Integration and Automation: Collaborate with the team to integrate existing tools and develop automated scanning and AI detection services for Web3 projects.
• Client Collaboration: Engage in project meetings with clients to clarify and resolve issues, ensuring clear communication and problem-solving.
• Product and Platform Improvement: Work with the product development team to enhance security products and platforms, ensuring they meet the highest standards of security and efficiency.
• Research and Publication: Investigate vulnerabilities in websites or open-source projects and publish your findings on the company's technical blog, contributing to the broader knowledge base and security community.

Requirements 

• Proficiency in application security and blockchain security, including knowledge of exploitation methods, solutions, and common security bugs.
• At least 1 year of experience in security audit, with a background in Java or other programming languages. Experience in leading or participating in Secure
• Development Lifecycle (SDL) implementation is preferred.
  
• Familiarity with the blockchain industry, its related technologies, common security risks, and the working principles of mainstream chains such as BTC and ETH.
• A solid understanding of encryption, decryption, signature, and other cryptographic algorithms.
• Knowledgeable in penetration testing and familiar with mainstream attack methods.
• A strong interest in emerging blockchain technologies with a self-driven approach to learning and understanding new concepts
• Familiarity with OWASP testing guides and other security testing methodologies. Understanding of web vulnerabilities, operating systems, network architecture, and underlying principles is essential.
• Ability to articulate and document test results clearly, provide remediation suggestions, and effectively communicate with both teams and clients.
• Fluency in spoken and written Chinese and English is required to explain penetration test reports to clients comprehensively. 

Plus 

• Involvement in open-source projects, demonstrating contributions to and collaboration within the security community.
• Have some understanding of on-chain attack methods and have a deep understanding of the principles of attacks.
• Experience in bug bounty programs from reputable companies or participation in international CTFs (or equivalent CVE vulnerabilities).
• Possession of OSWE or OSCP certifications (or other equivalent information security certifications).
• Proficiency in writing technical articles related to cybersecurity (vulnerability research, CTF write-ups, etc.).

Interview Process 

• HR Phone interview
• Onsite Interview: 1.5 hours, 1 hour meeting with hiring team + 0.5 hours meeting with HR.