Scroll is a Layer 2 scaling solution for Ethereum, specifically focusing on zkRollups. Key aspects of Scroll are zkRollup technology, Scalability, Efficiency, Security, and Developer-friendly. Overall, Scroll plays a crucial role in addressing Ethereum's scalability challenges and facilitating the growth of decentralized finance (DeFi) and other blockchain-based applications by providing a scalable and efficient Layer 2 solution.
At Scroll, we operate on the bleeding edge of a fast-moving frontier of zk technology, research and innovation. The Application Security Engineer will be responsible for improving the zkEVM-based zkRollup security, ensuring that Scroll is one of the safest Layer 2’s for projects and users. The role is ideal for an individual who thrives in a start-up environment, a self-starter that is dynamic and comfortable to take on responsibilities and can work effectively within a remote setup.
Responsibilities:
- Establish and maintain security best practices, policies, and procedures across the organization
- Develop and implement the overall security strategy for Scroll's infrastructure, including the node operations, cloud instances, onchain activities, and associated systems
- Oversee the bug bounty program, including final decision-making on bug severity and rewards
- Lead security incident response and coordinate with relevant teams during critical situations
- Lead security reviews of major protocol upgrades and new feature implementations, and coordinate the audit process with external security vendors and audit firms
- Work closely with engineering team to ensure security is built into the development lifecycle from the ground up
- Build and maintain relationships with external security researchers, auditors, and the broader security community
- Represent Scroll's security initiatives in the broader blockchain community through speaking engagements and technical content
Requirements:
- 5+ years of experience in blockchain security, with experience in a leadership role
- Knowledge of Solidity, EVM, Layer 2 scaling solutions, and blockchain
- Experienced in security standards, tools, key management, and cloud security
- Proven track record of building and leading security teams in a fast-paced environment
- Proven ability to communicate complex security concepts to both technical and non-technical stakeholders
- Excellent project management skills and ability to coordinate multiple security initiatives simultaneously
Nice to Haves:
- Contributions to major blockchain security tools or frameworks
- Experience securing other Layer 2 solutions or ZK systems
- Experience with zk proof systems and circuits (r1cs, plonkish, AIR, stark, etc.)
- Track record of publishing security research or contributing to blockchain security standards
- You have successfully participated in a bug bounty program, either as a manager or reporter.
- Previous experience working in the crypto or blockchain space, with a focus on protocol security.
What We Offer
- Mission-Driven, Collaborative, and Innovative Environment: Join a team united by a shared vision, working with like-minded individuals and cutting-edge technology to advance Ethereum and blockchain innovation.
- Comprehensive Compensation and Remote Flexibility: Benefit from a competitive salary package and generous discretionary benefits, while enjoying the remote work from anywhere with flexible hours. Additionally, receive support for your workspace with a home office setup allowance and monthly co-working membership stipend.
- Remote Hiring: For team members outside the US, UK, Canada, and Hong Kong, we engage under an independent consulting arrangement, offering the flexibility of payment (in Fiat, USDC, or etc).
- Private Healthcare Benefits: Private healthcare benefits through the Employer of Record (EoR) are only available in the US, UK, Canada, and Hong Kong.