Information Security Engineer, Product

<div class="job__description body"><div><p><span style="font-weight: 400;">Aptos is a people-first blockchain on a mission to help billions of people achieve universal and fair access to decentralized assets in a safe and scalable way.</span></p><br/><p><span style="font-weight: 400;">Founded by some of the original creators and maintainers that researched, designed, and built the Diem blockchain to serve this purpose, we have dedicated several years toward this mission. We believe the open-source Diem technology we have developed is an important foundation of a safe and scalable web3 world where everyone has more equitable opportunities to grow and access financial assets with lower fees and fewer intermediaries.  </span></p><br/><p><span style="font-weight: 400;">Aptos (Ohlone for "The People") encompasses our mission and ethos for why we build.</span></p></div><div><h3>About the Role</h3><br/><p>At Aptos Labs we’re pioneering the future of web3 and need a passionate Product Security Engineer to help secure our core technologies. In this role, you’ll be at the forefront of safeguarding our Aptos core infrastructure and Aptos Labs products. Your proactive approach will help us identify and mitigate emerging threats, ensuring our systems remain resilient and trustworthy. You will work closely with our developers, influence security best practices, and lead initiatives that shape the future of web3 security.</p><br/><h3>Responsibilities</h3><br/><ul><br/><li>Analyze and assess novel and recurring security issues via design reviews, code audits, and penetration tests.</li><br/><li>Design and build security tools, and develop mitigations, frameworks, and hardening strategies tailored for vulnerability prevention and detection.</li><br/><li>Review and develop secure operational practices, and provide security guidance for engineers.</li><br/><li>Respond to and triage reports from bug bounty programs.</li><br/></ul><br/><h3>Minimum Qualifications</h3><br/><ul><br/><li>B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.</li><br/><li>3+ years of experience in vulnerability research and exploitation.</li><br/><li>Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.)</li><br/><li>Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.)</li><br/></ul><br/><h3>Preferred Qualifications</h3><br/><ul><br/><li>Contributions to the security community (public research, blogging, talks in relevant conferences, etc.)</li><br/><li>Experience with virtual machines or complex runtime environments, such as MoveVM (extra bonus), EVM, WASM, or LLVM-based runtimes, including their security models, sandboxing, and execution isolation.</li><br/><li>Familiarity with smart contract programming languages (extra bonus for Move), security tools, and frameworks, including formal verification.</li><br/></ul></div><div><p><strong>Our Benefits</strong></p><br/><ul><br/><li style="font-weight: 400;"><span style="font-weight: 400;">100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)</span></li><br/><li style="font-weight: 400;"><span style="font-weight: 400;">Equipment of your choice</span></li><br/><li style="font-weight: 400;"><span style="font-weight: 400;">Flexible vacation time, 11 holidays, and floating company days off </span></li><br/><li style="font-weight: 400;"><span style="font-weight: 400;">Competitive Salary</span></li><br/><li style="font-weight: 400;"><span style="font-weight: 400;">Protocol Token Grants</span></li><br/><li style="font-weight: 400;"><span style="font-weight: 400;">401k matching (US Employees)</span></li><br/><li style="font-weight: 400;"><span style="font-weight: 400;">Fun and inclusive in-person and digital events</span></li><br/></ul><br/><p><em><span style="font-weight: 400;">Aptos is committed to diversity in the workplace, and we’re proud to be an Equal Opportunity Employer. We do not hire on the basis of race, color, religion, creed, gender, national origin, citizenship, age, disability, veteran status, marital status, pregnancy, parental status, sex, gender expression or identity, sexual orientation, or any other basis protected by local, state or federal law. All employment is decided based on qualifications, merit, and business need.</span></em></p><br/><div class="p-client_container"><br/><div class="p-ia4_client_container"><br/><div class="p-ia4_client p-ia4_client--with-search-in-top-nav p-ia4_client--workspace-switcher-rail-visibletest p-ia4_client--narrow-feature-on p-ia4_client--theming"><br/><div class="p-client_workspace_wrapper"><br/><div class="p-client_workspace"><br/><div class="p-client_workspace__layout"><br/><div class="active-managed-focus-container"><br/><div class="p-view_contents p-view_contents--secondary p-view_contents--channel-list-pry"><br/><div class="p-flexpane p-flexpane--iap1 p-flexpane--ia_details_popover" data-qa="threads_flexpane"><br/><div class="p-flexpane__body p-threads_flexpane_container p-flexpane__body--light"><br/><div class="p-file_drag_drop__container p-threads_flexpane"><br/><div class="flex_one no_min_height"><br/><div id="C04PR3PB3EV-1709053205.177889-thread-list-Thread"><br/><div class="c-virtual_list c-virtual_list--scrollbar c-scrollbar c-scrollbar--always_visible" id="C04PR3PB3EV-1709053205.177889-thread-list-Thread"><br/><div class="c-scrollbar__hider" data-qa="slack_kit_scrollbar"><br/><div class="c-scrollbar__child"><br/><div class="c-virtual_list__scroll_container" data-qa="slack_kit_list"><br/><div class="c-virtual_list__item" data-item-key="1709059995.769659" data-qa="virtual-list-item" id="C04PR3PB3EV-1709053205.177889-thread-list-Thread_1709059995.769659"><br/><div class="c-message_kit__background c-message_kit__background--hovered c-message_kit__message c-message_kit__thread_message" data-qa="message_container" data-qa-placeholder="false" data-qa-unprocessed="false"><br/><div class="c-message_kit__hover c-message_kit__hover--hovered" data-qa-hover="true"><br/><div class="c-message_kit__actions c-message_kit__actions--default"><br/><div class="c-message_kit__gutter"><br/><div class="c-message_kit__gutter__right" data-qa="message_content"><br/><div class="c-message_kit__blocks c-message_kit__blocks--rich_text"><br/><div class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"><br/><div class="p-block_kit_renderer" data-qa="block-kit-renderer"><br/><div class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"><br/><div class="p-rich_text_block"><br/><div class="p-client_container"><br/><div class="p-ia4_client_container"><br/><div class="p-ia4_client p-ia4_client--with-search-in-top-nav p-ia4_client--workspace-switcher-rail-visibletest p-ia4_client--narrow-feature-on p-ia4_client--theming"><br/><div class="p-client_workspace_wrapper"><br/><div class="p-client_workspace"><br/><div class="p-client_workspace__layout"><br/><div class="active-managed-focus-container"><br/><div class="p-view_contents p-view_contents--primary p-view_contents--channel-list-pry"><br/><div class="p-file_drag_drop__container"><br/><div class="p-workspace__primary_view_body"><br/><div class="p-message_pane p-message_pane--classic-nav p-message_pane--scrollbar-float-adjustment p-message_pane--with-bookmarks-bar" data-qa="message_pane"><br/><div class="c-virtual_list c-virtual_list--scrollbar c-message_list c-message_list--floating c-scrollbar c-scrollbar--fade"><br/><div class="c-scrollbar__hider" data-qa="slack_kit_scrollbar"><br/><div class="c-scrollbar__child"><br/><div class="c-virtual_list__scroll_container" data-qa="slack_kit_list"><br/><div class="c-virtual_list__item" data-item-key="1708738159.211909" data-qa="virtual-list-item" id="1708738159.211909"><br/><div class="c-message_kit__background c-message_kit__background--hovered p-message_pane_message__message c-message_kit__message" data-qa="message_container" data-qa-placeholder="false" data-qa-unprocessed="false"><br/><div class="c-message_kit__hover c-message_kit__hover--hovered" data-qa-hover="true"><br/><div class="c-message_kit__actions c-message_kit__actions--default"><br/><div class="c-message_kit__gutter"><br/><div class="c-message_kit__gutter__right" data-qa="message_content"><br/><div class="c-message_kit__blocks c-message_kit__blocks--rich_text"><br/><div class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"><br/><div class="p-block_kit_renderer" data-qa="block-kit-renderer"><br/><div class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"><br/><div class="p-rich_text_block"><br/><blockquote class="c-mrkdwn__quote" data-stringify-type="quote">We are committed to providing a safe and secure hiring process for all applicants. Unfortunately, there are individuals who may attempt to impersonate Aptos or our employees for fraudulent purposes.<br/><strong data-stringify-type="bold">To protect yourself, please be aware of the following:</strong></blockquote><br/><ul class="p-rich_text_list p-rich_text_list__bullet" data-border="1" data-border-radius-bottom-cap="0" data-border-radius-top-cap="0" data-indent="0" data-stringify-type="unordered-list"><br/><li data-stringify-border="1" data-stringify-indent="0">We will <strong data-stringify-type="bold">never</strong> ask you for payment of any kind during the application or onboarding process, including fees for background checks, training, or equipment.</li><br/><li data-stringify-border="1" data-stringify-indent="0">We will <strong data-stringify-type="bold">always</strong> communicate with you using our official company email domain.</li><br/><li data-stringify-border="1" data-stringify-indent="0">We will <strong data-stringify-type="bold">never</strong> request your personal financial information, such as your social security number or bank account details, during the initial application stages or via email or a video/voice call when onboarding.</li><br/></ul><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div><br/></div></div></div>