
Product Security Engineer

Job in Indianapolis, Hamilton County, Indiana, 46262, USA
Listing for: P2P
Full Time position
Listed on 2026-06-03
Job specializations:
  • IT/Tech
    Cybersecurity, Blockchain / Web3, Data Security, Security Manager
Salary/Wage Range or Industry Benchmark: 120000 - 150000 USD Yearly
Job Description & How to Apply Below
Location: Indianapolis

About Hashgraph:

Hashgraph is a fast-growing software company committed to supporting, developing and servicing Hedera, an open source, proof-of-stake platform. Hedera is EVM-compatible and has been specifically built to meet the needs of enterprise and web3 applications, which require speed, security, stability and sustainability. Hedera’s public network is governed by industry-leading organizations, spanning 11 sectors and 14 regions, who oversee the development and direction of the decentralized platform.

The role:

We are hiring a Product Security Engineer to embed security into the product development lifecycle and ensure vulnerabilities are found by us before they are found by others. Hedera is an enterprise-grade distributed ledger securing billions of transactions for global developers and institutions. As the platform grows with new protocol upgrades, EVM-compatible services, cross-chain infrastructure, and cryptographic primitives, the attack surface grows with it.

This role exists to ensure that security is a first-class property of every protocol upgrade, smart contract, and node shipped to production.

In this role, you will:
  • Conduct end-to-end security assessments of blockchain-based systems, from cryptographic primitive design and protocol architecture through smart contract implementation and deployed infrastructure.
  • Find real vulnerabilities through hands‑on review, adversarial testing, and proof‑of‑concept exploit development, not just automated scanning.
  • Design adversarial test cases and proof‑of‑concept exploits for Hedera‑native services, EVM‑compatible contracts, cross‑chain bridges, and consensus‑layer components.
  • Own threat modeling and security architecture reviews across product phases.
  • Define and enforce security gates before new components reach production.
  • Partner directly with engineering teams to translate cryptographic and protocol‑level risks into concrete, prioritised remediation work.
  • Build and improve security tooling, fuzzing infrastructure, and CI/CD security automation to scale security coverage without scaling headcount.
  • Track emerging blockchain and web3 attack patterns, map them to the internal codebase, and drive proactive mitigation before threats materialise.
What success looks like in 6-12 months:
  • Security review processes are integrated across major product development workflows, not bolted on at the end.
  • Security tooling and automated checks are running inside CI/CD pipelines, reducing manual review burden.
  • The vulnerability backlog is prioritised and actively shrinking through structured developer collaboration.
  • Engineering teams have meaningfully improved their working knowledge of web3 attack patterns and secure coding practices.
What you bring:

Core capabilities:

  • Hands‑on vulnerability discovery and security testing across blockchain protocols, smart contracts, nodes, and APIs.
  • A track record of catching real bugs, not just running automated scans.
  • Strong threat modelling and security architecture review experience applied to distributed cryptographic systems.
  • Experience assessing cross‑chain protocols, threshold signature schemes, or other cryptographic systems with complex trust assumptions.
  • Deep working knowledge of applied cryptography, including BLS signatures, pairing‑based schemes, polynomial commitments, and Fiat‑Shamir constructions.
  • Ability to reason about cryptographic failure modes and how they show up in production systems.
  • Direct experience auditing or breaking a cross‑chain bridge.
  • Ability to reason through trust model tradeoffs, including state proof, multisig, and oracle attestation models, and what each means for the attack surface.

Functional expertise:

  • Blockchain security and secure coding practices across EVM‑compatible and non‑EVM chains.
  • Security testing tooling, including static analysis, dynamic analysis, and fuzzing.
  • Experience developing custom fuzzing harnesses or security test infrastructure.
  • Ability to read and audit Rust and/or Java cryptographic code.
  • Understanding of memory safety, constant‑time correctness, secret handling, and security risks at JNI boundaries.

Nice to haves:

  • Experience designing and operating grammar‑aware fuzzing campaigns against gRPC, JSON‑RPC, or protocol‑level endpoints.
  • Experience building classifier pipelines to distinguish security signal from noise.
  • Prior work on Ethereum consensus client security.
  • Prior work on production threshold signature systems.
  • Experience building security automation tooling.
  • Experience integrating AI‑assisted workflows into security review and triage processes.