About Immunefi
Immunefi exists to protect the future of money. Immunefi is DeFi’s last line of defense and leading bug bounty platform, preventing catastrophic hacks before user funds are stolen. As of today, Immunefi actively protects $60B in funds and has $157M in bounty awards available. To date, Immunefi has averted $25B in hack damage and paid $80M in bounties to security researchers. Our team is highly specialized, so we’re looking for talented people who are willing to jump right in and use their expertise to help us protect DeFi. If you’re looking to join a fast-paced, problem-solving environment at the very core of decentralized finance, then read on.
Summary
If Immunefi is Web3’s last line of defense against catastrophic hacks, the Triage team at Immunefi is the internal intelligence division actively confirming and improving the defense strategy. The Smart Contract Triager role requires timely, appropriate, and thorough response to reported vulnerabilities. We want to bring on a member of the team that provides great service at the high end – if hackers are to trust submitting their critical findings to us, we need to be able to live up to their trust with timely and appropriate responses. Our evaluation of their bugs from a technical perspective is crucial to our ability to properly reward their hard work. At the low end we still need to provide great service – we want to help them grow their capabilities so that a bad bug report today turns into a great one in the future.
Role Responsibilities
Vulnerability Evaluation:
Review and assess submitted vulnerabilities in smart contracts to determine their validity.
Prioritize the severity of vulnerabilities based on potential impact, likelihood, and other relevant factors.
Perform analytics on the protocols, such as funds-at-risk calculations, using Dune or bitqueries.
Reproduce the vulnerability in various frameworks like Foundry, Hardhat, Brownie, etc.
Mediation:
Review and understand the nature of the dispute, whether it’s related to vulnerability assessment, bounty payment, or other aspects of the bug submission.
Utilize expertise in relevant technologies to assess the validity and severity of the reported vulnerability, ensuring unbiased judgment.
Work towards a resolution that is perceived as fair and reasonable by both the security researcher and the company.
Ensure that the mediation process upholds the principles and guidelines of the bug bounty program, fostering trust and reliability within the community.
Responsible for articulating mediation points with clarity and precision, ensuring that all communications are both concise and transparent. Must employ advanced writing skills to guarantee mutual understanding between parties, recognizing that effective communication is pivotal to successful mediation outcomes.
Communication:
Provide timely feedback to responsible team members regarding the status of their submission.
Maintain open lines of communication with relevant internal stakeholders about critical vulnerabilities and their potential impact.
Continuous Learning:
Stay updated with the latest developments, best practices, and trends in smart contract vulnerabilities and blockchain security.
Participate in training sessions, workshops, or conferences related to Web3 and blockchain security.
Community Engagement:
Foster a sense of community and trust among the contributors by being transparent, approachable, and respectful.
Participate in community events, AMAs, or forums to answer questions, provide guidance, and promote the Bug Bounty Platform.
Collaboration:
Collaborate with other teams, like public relations or legal, in case of high-profile or sensitive vulnerabilities.
Platform Improvement:
Provide feedback on the bug bounty platform’s processes and tools to ensure they remain efficient and contributor-friendly.
Suggest improvements or new features that could enhance the experience for contributors and streamline the triage process.
Crisis Management:
In the case of critical vulnerabilities or public exposures, coordinate with relevant teams to manage the situation, ensuring swift resolution and minimal harm.
Applicant Requirements
Technical Expertise:
Strong understanding of smart contract development and vulnerabilities.
Familiarity with blockchain platforms like Ethereum, Optimism, L2s, ZK-Proofs.
Prior Experience:
Must possess a minimum of 2-3 years of experience specifically in Web3 security roles, with a deep understanding of decentralized application vulnerabilities and associated threat landscapes.
Analytical Skills:
Ability to analyze and categorize vulnerabilities based on severity, potential impact, and exploitation likelihood.
Communication Skills:
Exceptional written and verbal communication skills to provide clear feedback to security researchers and internal stakeholders.
Capable of explaining technical details in an understandable manner to non-technical audiences.
Problem Solving:
Demonstrated ability to collaborate with developers and researchers to devise effective solutions for identified vulnerabilities.
Time Management:
Capability to prioritize tasks and respond swiftly to critical vulnerabilities, ensuring the platform’s timely defense.
Team Player:
Ability to work collaboratively within an internal team, fostering a positive work environment.
Open to receiving feedback and continuous learning.
Ethical Standards:
Adherence to high ethical standards, ensuring confidentiality and integrity in all operations.
Continuous Learning:
Willingness to stay updated with the latest developments in blockchain technologies, smart contract vulnerabilities, and DeFi trends.
Customer Service Orientation:
A mindset geared towards assisting and guiding security researchers, promoting a culture of growth and mutual respect.
Working at Immunefi
Immunefi is the foremost Bug Bounty Marketplace in the crypto / Web3 space providing a platform to facilitate the protection of $bn of user funds. We aim for excellence in all we do and want to build a world class team of highly skilled professionals who can help us to scale & develop our company. If you are successful in joining the team, you will be working in a highly collaborative, cross-functional environment where ideas, input & communication are prized. By necessity, the work pace here is rapid and we need people who are able to rapidly immerse themselves. As a fully remote and geographically dispersed team, we require everyone to be capable of autonomous & self-driven work in addition to being able to manage communication across global timezones.
Core Values
Radical Candor – we seek out & give open feedback, both up & down across the entire organization
Be Worthy of Trust – we can’t do our job without the trust of our clients. We want everyone here to be deserving of that trust and to be able to unequivocally trust the rest of the team
Take Responsibility & Own It – responsible people thrive on independence and are worthy of freedom – be accountable, grow from your mistakes
Exercise Good Judgment – independent, good judgment means thinking for yourself and keeping the interests of the mission at heart
Writing is Greater Than Talking – By focusing on writing, we let our ideas take center stage. Writing allows for unemotional clarity about what we are doing, why we are doing it, and also what we are not doing
What We Offer
100% remote-first work environment, flexible schedule
Autonomous work environment with trusting, smart, reliable team members
An opportunity to be building an early-stage company in a dynamically evolving market and industry
An opportunity to build your own path in the company as we continue to evolve and grow
A global market (it’s fun to meet people from all over the world every day!)
A chance to make an impact and participate in building and securing the ecosystem for smart contracts and the future of money (we’re protecting over $100B in user funds)

