← Back to all jobs

Security Engineer - Mysten Labs

Fully remote

Engineering
Remote (US)
Added
Locations
Type
Full-time

Apply through Sailonchain

Visit job opening page

Tagged as

suimoverust

Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies.

Overview

Security engineers own the operational and software security of the Sui blockchain, wallet, Move language, and other Mysten systems.

Security engineers support and work closely with the engineers working on the sensitive components of these systems. In addition, they are the key points of contact for audit engagements and bug bounty reports.

We are hiring security engineers now as we expand the ecosystem and production services. We have a strong team in protocol security, but we need experts in operational and software security who can help us navigate the challenges of running world class infrastructure.

Responsibilities

  • Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures
  • Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain
  • Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations.
  • Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety
  • Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring

Preferred Qualifications

  • 3+ years of hands-on experience in security engineering, application security, or product security.
  • Knowledge relevant to key management in production, for example HSMs, cloud KMS, MPC or threshold-signature systems, hardware wallets, or comparable custody infrastructure.
  • Proficiency in one or more of: Rust, TypeScript, Python, or Move, and experience reviewing and writing security-sensitive code.
  • Solid understanding of applied cryptography fundamentals and the common ways cryptographic systems are misused in practice.
  • A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping the fix yourself rather than handing it off.
  • Strong written and verbal communication: you can explain a finding or an issue clearly to the engineer who needs to fix it and to a non-technical stakeholder who needs to understand the risk.
  • Interest in the web3 space is required; prior experience shipping in crypto, fintech, or other regulated/high-stakes environments is a plus.

Employment is contingent upon the successful completion of a background check, which may include verification of employment history, education credentials, criminal history, and other relevant information.

Regarding the recent rash of technology job scams: Be aware that emails from genuine Mysten Labs group recruiters will always come from the @mystenlabs.com domain or related subdomains (e.g., mystenlabs.com/careers). Remember: you can always verify positions on our job boards at www.mystenlabs.com/careers.

To support an efficient and fair hiring process, we may use technology-assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers.

Our team is remote first and we are hiring across the world. Here at Mysten Labs, you’ll be joining a world-class team with tremendous growth potential as we bring the next billion users to web3. We raised a $300M Series B round from top Silicon Valley led venture funds like Jump Crypto, Andreessen Horowitz (a16z), Binance Labs, Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital, among other investment firms and strategic partners. Come join us and build the future of web3!

Go to job page

Apply for this position

Want to apply directly from the platform? Please use the form below.

Apply through SailOnChain

Connect your wallet to unlock the application form, as well as future benefits and rewards.

Or apply directly on the company's website via the link above.

Share job

Want to learn more about how the process works?

Read the documentation for information on the application process.

View Documentation
Apply at Mysten Labs
Apply Now →

Explore more jobs

More Engineering jobsMore jobs at Mysten LabsMore jobs in Remote (US)

More from Mysten Labs

Similar roles you may like