Mysten LabsRemote
Security Engineer
United States of America
Full Time
3 weeks ago
$140,000 - $190,000 USD
H1B Sponsor Likely
Key skills
TypeScriptPythonRustSmart ContractsBlockchainCommunication
About this role
Mysten Labs is creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies. The Security Engineer will own the operational and software security of the Sui blockchain and related systems, working closely with engineers and serving as the key point of contact for audit engagements and bug bounty reports.
Responsibilities:
- Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures
- Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain
- Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations
- Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety
- Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring
Requirements:
- 3+ years of hands-on experience in security engineering, application security, or product security
- Knowledge relevant to key management in production, for example HSMs, cloud KMS, MPC or threshold-signature systems, hardware wallets, or comparable custody infrastructure
- Proficiency in one or more of: Rust, TypeScript, Python, or Move, and experience reviewing and writing security-sensitive code
- Solid understanding of applied cryptography fundamentals and the common ways cryptographic systems are misused in practice
- A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping the fix yourself rather than handing it off
- Strong written and verbal communication: you can explain a finding or an issue clearly to the engineer who needs to fix it and to a non-technical stakeholder who needs to understand the risk
- Interest in the web3 space is required; prior experience shipping in crypto, fintech, or other regulated/high-stakes environments is a plus