Grayson Talent
Website:
graysontalent.com
Job details:
We are looking for a strong Security Operations Engineer who can take full ownership of our security posture, from smart contract risk to cloud infrastructure to application security. This is a high-ownership role. You will define practices, build tooling, lead reviews, and drive a security-first culture across the engineering organisation. If you enjoy solving hard security problems in a fast-moving Web3 environment and want your work to have real, visible impact, this role is for you.
Responsibilities
Smart Contract & Blockchain Security
- Review Solidity smart contracts for common vulnerabilities — reentrancy, access control flaws, integer overflow, front-running, and oracle manipulation
- Advise software engineering teams on secure code and architecture for smart contract development
- Define and enforce secure development standards for contract upgradability, proxy patterns, and privileged role management
- Manage end-to-end engagement with third-party auditors
- Monitor on-chain activity for anomalies using tools like Forta, OpenZeppelin Defender, and Tenderly
- Establish and maintain a vulnerability disclosure and bug bounty programme
Research & Innovation
- Track and assess impactful changes to the blockchain space — protocol upgrades, emerging EIPs, and novel technologies such as zero-knowledge proofs and restaking mechanisms
- Evaluate new integration risks introduced by third-party protocols, bridges, and external dependencies
- Share findings with the team through internal write-ups, documentation, or external publications and talks where appropriate
Security Tooling & Automation
- Identify opportunities to automate security checks across the development lifecycle — from static analysis to on-chain monitoring
- Deliver proof-of-concept implementations for tooling improvements
- Write clear technical requirements so engineering teams can implement and maintain security tooling at scale
Key & Wallet Security
- Own secure key management practices — multisig wallets (Gnosis Safe), HSMs, and HD wallet derivation standards
- Define operational security workflows for deployer and admin keys across testnet and mainnet environments
- Set up and govern timelock and multisig workflows for privileged operations
Infrastructure & Cloud Security
- Own cloud security posture across AWS or GCP — IAM policies, VPC hardening, secrets management (HashiCorp Vault or AWS Secrets Manager)
- Integrate security scanning into Terraform pipelines using tools like Checkov and tfsec
- Harden CI/CD pipelines against supply chain attacks, secrets leakage, and dependency poisoning
- Set up and manage SIEM/SOAR tooling for alerting, log aggregation, and incident response
Application & API Security
- Conduct and oversee SAST/DAST for frontend and backend services
- Perform threat modelling for new product features and third-party integrations
- Own WAF configuration and DDoS mitigation strategy
- Review third-party SDKs and libraries for supply chain risk
Governance & Process
- Build and maintain security runbooks — incident response playbooks, escalation paths, and post-mortem templates
- Define security KPIs and OKRs in collaboration with engineering leadership
- Translate complex security risks into clear, actionable guidance for technical and non-technical stakeholders
- Lead security awareness initiatives for the engineering team
Must-Have Skills
Blockchain & Smart Contract Security
- Strong understanding of EVM internals, transaction lifecycle, and mempool behaviour
- Hands-on experience reviewing Solidity code for security vulnerabilities
- Familiarity with audit tooling — Slither, Mythril, or Echidna
- Practical knowledge of on-chain fundamentals — blockchain explorers, funds tracing, bridging mechanics, DEXs, and NFT contracts
- Applied understanding of cryptographic primitives used in blockchain protocols — signing schemes, hash functions, and commitment schemes
Cloud & Infrastructure Security
- Hands-on with AWS or GCP security services (IAM, GuardDuty, Security Hub, CloudTrail)
- Experience securing Terraform-based infrastructure pipelines
Application Security
- Solid grounding in OWASP Top 10 and secure development practices
- Experience with SAST/DAST tools and integrating them into CI/CD workflows
- Threat modelling experience across APIs and web applications
Scripting & Automation
- Proficiency in Python or TypeScript for writing security automation, monitoring scripts, and internal tooling
Incident Response
- Demonstrated end-to-end experience handling security incidents — detection, containment, resolution, and post-mortem
Communication
- Ability to communicate security risk clearly to both technical teams and non-technical stakeholders
- Comfortable writing structured findings, runbooks, and technical documentation
Good to Have Skills
- Experience with on-chain monitoring tools (Forta, OpenZeppelin Defender, Tenderly)
- Familiarity with cross-chain bridge security and wrapped token mechanics
- Exposure to DeFi protocol mechanics — AMMs, liquidity pools, staking, and restaking
- Understanding of recent EIPs and their security implications
- Knowledge of advanced cryptographic techniques — zk-SNARKs, MPC, or FHE
- Prior experience with Immunefi or similar crypto bug bounty platforms
- Active participation in Web3 security communities — Code4rena, Sherlock, Secureum
- Comfortable using AI and agentic coding tools (Claude Code, Cursor, or similar) to improve workflow efficiency
- Certifications: OSCP, CEH, CISSP, or Certified Blockchain Security Professional