Are you ready to be the first line of offense for one of the fastest-growing companies in the Cryptocurrency and Blockchain space? We're looking for a Security Engineering Intern (Red Team Sector) to think like an adversary, break things before attackers do, and help us build a platform our users can trust with their assets.
In crypto, every vulnerability has an immediate, irreversible dollar value attached. That's the bar you'll be operating at.
What you'll be doing
- Offensive security engagements across our web, mobile, API, and microservice surfaces, as well as cloud infrastructure and internal systems.
- Perform application security assessments and penetration tests, with a focus on the attack paths that matter most in a crypto/fintech context: authentication and session handling, wallet and key management flows, transaction integrity, withdrawal and KYC bypasses, business logic abuse, and privilege escalation.
- Conduct manual secure code review on production codebases to find vulnerabilities that scanners miss, with particular attention to financial logic, race conditions, and trust-boundary violations.
- Research emerging threats in Web3, mobile, and cloud — new exploitation techniques, smart contract attack patterns, DeFi exploits, supply chain attacks — and translate them into proactive testing methodologies before they hit production.
- Write robust scripts, automate offensive workflows, and create frameworks that scale red team coverage across a fast-moving codebase.
What we're looking for
- Knowledges in offensive security, penetration testing, or red teaming, with demonstrated hands-on experience in web and mobile application security, through CTF competition or bug bounty engagement.
- Final year at university with degree focusing on Computer Science, Information Systems, Engineering.
- Strong fundamentals in offensive security, application security, and security engineering.
- Strong familiarity with Linux and cloud ecosystems, especially AWS.
- Proficiency with industry-standard tooling: Burp Suite, intercepting proxies, fuzzers, and the broader pentester's toolkit.
- Working knowledge of OWASP (Top 10, ASVS, MASVS), CWE, and modern appsec frameworks.
- A builder's mindset; comfortable scripting and automating in Python, Go, or similar to scale your own work.
- Outstanding written and verbal communication in English, the ability to distill technical nuance into narratives that drive engineering and business change.
- A collaborative spirit, eager to work alongside engineers, researchers, and product teams to embed security into every phase of development.
- Advanced understanding and/or experience working in a Cryptocurrency/Blockchain/Fintech/Finance Trading domain preferred
What’s in it for you
- Hands-on experience across multiple cybersecurity domains
- Mentorship from experienced security professionals
- Exposure to enterprise-grade security tools and technologies
- Opportunity to participate in real security operations and projects
- Potential pathway to full-time employment based on performance
- Flexible schedule to accommodate academic commitments
Duration 3-6 months, with possibility of extension based on performance and mutual agreement.
Find out more about Coinhako here https://www.coinhako.com/ and don't forget to visit our Careers Page https://www.coinhako.com/join-us
By submitting your application to us, you consent to the collection, use, disclosure and processing of your personal data in accordance with our privacy policy, which is accessible at https://www.coinhako.com/legal/sg-1/privacy_policy.
