About Hashgraph:

Hashgraph is a fast-growing software company committed to supporting, developing and servicing Hedera, an open source, proof-of-stake platform. Hedera is EVM-compatible and has been specifically built to meet the needs of enterprise and Web3 applications, which require speed, security, stability and sustainability. Hedera’s public network is governed by industry-leading organizations, spanning 11 sectors and 14 regions who oversee the development and direction of the decentralized platform.

You may find yourself doing all of the following:

– Conducting thorough security reviews of the company’s products throughout the development lifecycle, including the design, implementation, and release phases
– Collaborating with cross-functional teams to identify security vulnerabilities and recommend mitigation strategies
– Developing and maintaining security testing methodologies and procedures
– Implementing and managing automated security testing tools and processes
– Providing guidance and support to development teams on secure coding practices and security best practices
– Staying current with industry trends and emerging threats to inform and enhance product security measures
– Assisting in incident response activities related to product security incidents
– Participating in security awareness training programs for internal stakeholders

Qualification Requirements:

– Minimum 6 years of experience in application or product security, including 2-3 years of experience in software development or related field
– Familiarity with common security vulnerabilities and attack vectors
– Hands-on experience with security testing tools such as static analysis, dynamic analysis, and fuzzing tools
– Strong understanding of secure coding practices and principles (mainly Java and Solidity)
– OSWA and/or CISSP certifications are mandatory – web3 experience can be considered as an alternative if these certifications haven’t been obtained

Other skills that are great to bring with you but that we can help you develop:

– Relevant certifications (e.g., OSCP, OSEP, OSWE)
– Experience in Bug bounty, Security Research, CVE publications, Red teaming, and attack surface management
– Experience with cloud environments (e.g., GCP, AWS)
– Understanding of common programming languages and scripting languages, such as Python, PowerShell, or Bash
– Experience with containerization and orchestration technologies, such as Docker and Kubernetes, and their associated security best practices
– Knowledge about web3 / Blockchain / Crypto