Espresso Systems is a company that builds foundational infrastructure to power the internet of tomorrow, focusing on seamless cross-chain interactions for digital assets. They are seeking a Security Engineering Lead to oversee security and auditing efforts for their codebase, requiring expertise in EVM smart contracts or Rust distributed systems.
Responsibilities:
- Lead security audits of (a subset of) the Espresso codebase
- As a project leader, you will have latitude in how you choose to organize security and audit efforts
- Dive into the code of a fairly complex distributed system, learning and developing an understanding of the system on the fly (with help from the engineering team that built it, of course)
- Coordinate with several engineering teams to aid in your audit, raise concerns and communicate results, and guide the effort to harden the system based on your findings
- Coordinate with, manage, and review the work of external security auditing teams, in certain cases
- Suggest improvements to testing and engineering practices to promote more secure and maintainable code
Requirements:
- Solid grasp of software engineering principles, both low-level (e.g. language-specific best practices) and high-level (e.g. reliable software architecture, particularly in distributed systems)
- If focused on Rust: ≥ 1 year experience writing Rust, particularly with async Rust
- If focused on Solidity: Multiple years experience writing smart contracts; experience with smart contract security audits or formal verification of smart contracts
- Experience as an engineer or software architect in a security-critical industry
- Be capable of describing the stakes, the challenges you've faced in building secure software, and the steps/processes you've taken to mitigate risk
- Experience as an auditor, pentester, QA tester, etc
- Have a well thought-out approach to testing software and designing it to be testable/auditable
- Ability to think adversarially, and identify potential reliability or security vulnerabilities even in software that is correct in common or 'happy path' scenarios
- Experience on the design and/or testing of distributed systems
- Comfort diving into unknowns and asking questions
- Knowledge of relevant testing and static analysis tools (e.g. Foundry, Slither) is a plus
- Blockchain knowledge/experience is preferred, but comparable experience in IoT, automotive, finance, or other security-critical domains is also acceptable
- Ideally, the candidate should have a general philosophy of software design that has been molded by experience working on security-critical systems