Application Security Engineer - Polygon Labs

About Polygon Labs

Polygon Labs is a global blockchain payments company building and operating infrastructure to move money instantly, reliably, and at internet scale, with the mission to move all money onchain. It is building the Polygon Open Money Stack, an open and integrated stack of services and technologies to instantly and reliably move money anywhere, and put it to work. Its infrastructure has facilitated trillions of dollars in onchain value transfer and supported millions of transactions daily for some of the globe's largest banks, fintechs, enterprises, and consumer applications.

Your Role

Polygon's Application Security team sits at the intersection of every product we ship. With a growing engineering org, an active bug bounty program fielding 30+ open submissions at any given time, and products going live across smart contracts, backend services, and infrastructure simultaneously, the team needs more depth, not a gatekeeper, a builder. You will report directly to the Application Security Lead and work across every engineering team at every stage of development, from sprint planning to post-ship remediation. Your job is to make security scale faster than the attack surface grows.

Your Responsibilities

• Own end-to-end security reviews across smart contracts (Solidity), backend services (Go, TypeScript, Python), and frontend surfaces, producing written findings at the quality level of a top external audit firm, published and used as the internal standard
• Build and ship an agentic security CI/CD pipeline: agent-driven review that runs autonomously against every PR and release candidate, reasons about changes in context, and gets smarter with each deployment
• Design and maintain specialised AI-powered code reviewers tuned to specific vulnerability classes and surfaces, Solidity-aware, protocol-aware, and calibrated to the actual patterns Polygon's products surface
• Triage and manage the bug bounty program: read incoming submissions daily, reproduce valid findings, separate signal from noise, assign severity, and route confirmed issues to engineering with enough context to fix them correctly, using custom AI workflows to maintain rigor at volume
• Follow through on remediation: review proposed fixes, close out resolved findings, and push back where a fix addresses symptoms rather than root cause
• Embed across engineering teams at all stages, sprint planning, design review, feature freeze, post-launch, as a working partner, not a sign-off function
• Lead the team's AI security practice by example: build custom prompt chains, Claude Code workflows, and Codex integrations tailored to specific security tasks, then demo and share them so the whole team's baseline rises

What You'll Need

• Full-stack security fluency across multiple languages: you can drop into an unfamiliar codebase and produce a meaningful review within a day, Solidity, Go, TypeScript, and Python are the surfaces that matter most here
• Smart contract security as a core competency: production experience auditing or building secure Solidity, deep familiarity with EVM internals, common DeFi protocol patterns, and the historical record of smart contract exploits
• Proven AI workflow depth, not just tool usage: you have built custom prompt chains, CI integrations, and task-specific plugins (using tools like Claude Code and Codex) for security work specifically, and you can speak clearly about where AI accelerates and where human judgment is irreplaceable
• Experience making security decisions under real time pressure in a Web3 environment, where speed and rigor have to coexist
• A public portfolio that demonstrates your security thinking: audit reports, bug bounty writeups, research posts, or open-source tooling, something that shows what good looks like when you put your name on it

Preferred Qualifications

• Experience running or contributing to a structured bug bounty program (triage, researcher communication, severity calibration)
• Direct exposure to payments protocols, stablecoin infrastructure, or regulated fintech environments
• Prior work building security tooling that other engineers actually use, not just internal scripts, but something with adoption

Polygon Labs Perks

The goal of the Polygon Labs total rewards program is to support the health and well-being of you and your family. Our comprehensive compensation plan includes the following benefits for our full time employees:

• Remote first global workforce
• Industry leading Medical, Dental and Vision health insurance*
• Company matching 401k with 3% match*
• $1,500 Home Office Set Up Allowance (life-time max)
• $200 Annual AI Allowance Program
• $75 Monthly internet or phone reimbursement
• Flexible Time Off
• Company issued laptop
• Egg freezing, mental health, and employee wellness benefits

*In certain countries medical, dental and vision is fully covered for employees & their dependents. This is country and plan specific.

*401k is for United States employees only

Polygon Labs is committed to a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. Polygon Labs is committed to treating all people in a way that allows them to maintain their dignity and independence. We believe in integration and equal opportunity. Accommodations are available throughout the recruitment process and applicants with a disability may request to be accommodated throughout the recruitment process. We will work with all applicants to accommodate their individual accessibility needs.

If you think you have what it takes, but don't necessarily meet every single point on the job description, please still get in touch. We'd love to have a chat and see if you could be a great fit.

Learn More about Polygon Labs

Website |Twitter|Telegram |Reddit |Discord |Instagram |Facebook |LinkedIn