Grayson Talent
Website: graysontalent.com
Job details:
We are looking for a strong DevSecOps Specialist who can take full ownership of our security posture, from smart contract risk to cloud infrastructure to application security. This is a high-ownership role. You will define practices, build tooling, lead reviews, and drive a security-first culture across the engineering organisation. If you enjoy solving hard security problems in a fast-moving Web3 environment and want your work to have real, visible impact, this role is for you.
Responsibilities
Smart Contract & Blockchain Security
- Review Solidity smart contracts for common vulnerabilities — reentrancy, access control flaws, integer overflow, front-running, and oracle manipulation
- Advise software engineering teams on secure code and architecture for smart contract development
- Define and enforce secure development standards for contract upgradability, proxy patterns, and privileged role management
- Manage end-to-end engagement with third-party auditors
- Monitor on-chain activity for anomalies using tools like Forta, OpenZeppelin Defender, and Tenderly
- Establish and maintain a vulnerability disclosure and bug bounty programme
Research & Innovation
- Track and assess impactful changes to the blockchain space — protocol upgrades, emerging EIPs, and novel technologies such as zero-knowledge proofs and restaking mechanisms
- Evaluate new integration risks introduced by third-party protocols, bridges, and external dependencies
- Share findings with the team through internal write-ups, documentation, or external publications and talks where appropriate
Security Tooling & Automation
- Identify opportunities to automate security checks across the development lifecycle — from static analysis to on-chain monitoring
- Deliver proof-of-concept implementations for tooling improvements
- Write clear technical requirements so engineering teams can implement and maintain security tooling at scale
Key & Wallet Security
- Own secure key management practices — multisig wallets (Gnosis Safe), HSMs, and HD wallet derivation standards
- Define operational security workflows for deployer and admin keys across testnet and mainnet environments
- Set up and govern timelock and multisig workflows for privileged operations
Infrastructure & Cloud Security
- Own cloud security posture across AWS or GCP — IAM policies, VPC hardening, secrets management (HashiCorp Vault or AWS Secrets Manager)
- Integrate security scanning into Terraform pipelines using tools like Checkov and tfsec
- Harden CI/CD pipelines against supply chain attacks, secrets leakage, and dependency poisoning
- Set up and manage SIEM/SOAR tooling for alerting, log aggregation, and incident response
Application & API Security
- Conduct and oversee SAST/DAST for frontend and backend services
- Perform threat modelling for new product features and third-party integrations
- Own WAF configuration and DDoS mitigation strategy
- Review third-party SDKs and libraries for supply chain risk
Governance & Process
- Build and maintain security runbooks — incident response playbooks, escalation paths, and post-mortem templates
- Define security KPIs and OKRs in collaboration with engineering leadership
- Translate complex security risks into clear, actionable guidance for technical and non-technical stakeholders
- Lead security awareness initiatives for the engineering team
Must-Have Skills
Blockchain & Smart Contract Security
- Strong understanding of EVM internals, transaction lifecycle, and mempool behaviour
- Hands-on experience reviewing Solidity code for security vulnerabilities
- Familiarity with audit tooling — Slither, Mythril, or Echidna
- Practical knowledge of on-chain fundamentals — blockchain explorers, funds tracing, bridging mechanics, DEXs, and NFT contracts
- Applied understanding of cryptographic primitives used in blockchain protocols — signing schemes, hash functions, and commitment schemes
Cloud & Infrastructure Security
- Hands-on experience with AWS or GCP security services (IAM, GuardDuty, Security Hub, CloudTrail)
- Experience securing Terraform-based infrastructure pipelines
Application Security
- Solid grounding in OWASP Top 10 and secure development practices
- Experience with SAST/DAST tools and integrating them into CI/CD workflows
- Threat modelling experience across APIs and web applications
Scripting & Automation
- Proficiency in Python or TypeScript for writing security automation, monitoring scripts, and internal tooling
Incident Response
- Demonstrated end-to-end experience handling security incidents — detection, containment, resolution, and post-mortem
Communication
- Ability to communicate security risk clearly to both technical teams and non-technical stakeholders
- Comfortable writing structured findings, runbooks, and technical documentation
Good to Have Skills
- Experience with on-chain monitoring tools (Forta, OpenZeppelin Defender, Tenderly)
- Familiarity with cross-chain bridge security and wrapped token mechanics
- Exposure to DeFi protocol mechanics — AMMs, liquidity pools, staking, and restaking
- Understanding of recent EIPs and their security implications
- Knowledge of advanced cryptographic techniques — zk-SNARKs, MPC, or FHE
- Prior experience with Immunefi or similar crypto bug bounty platforms
- Active participation in Web3 security communities — Code4rena, Sherlock, Secureum
- Comfortable using AI and agentic coding tools (Claude Code, Cursor, or similar) to improve workflow efficiency
- Certifications: OSCP, CEH, CISSP, or Certified Blockchain Security Professional