
Web3 Product Security Engineer (Senior/Lead)

San Francisco (Hybrid)

About ZetaChain

We're building something ambitious at ZetaChain: the first universal blockchain that connects everything—Bitcoin, Ethereum, every chain. We're backed by top investors, live on mainnet, and building the future of blockchain technology. If you're excited about working on big, meaningful problems with a world-class team, you're in the right place.

We are seeking a hands-on Web3 Product Security Engineer to build and lead a security program that protects our ecosystem developers and partners. You’ll be a key member of our security team and responsible for safeguarding the ZetaChain ecosystem and users. 

Why You Want To Work Here

  • Impactful Role: Build a top-tier security program for the growing ZetaChain ecosystem with all the support you need from senior leadership.
  • Remote Flexibility: Enjoy the freedom and flexibility of a remote work environment plus quarterly team meetups to get to know each other in person.
  • Cutting-Edge Technology: Work with the latest advancements in blockchain technology and cryptography.
  • Commitment to Open Source: We are committed to supporting open source software and use high quality open source tools internally when possible.

Find out more about our high performance culture.

Job Description

This role will run the ecosystem security program, helping independent developers building on the ZetaChain platform keep their applications and users secure. This includes establishing secure-by-default templates, using automated or AI-powered security tools, coordinating audits, and participating in code reviews.

You’ll work directly with independent third-party developer teams of all sizes to help them securely build and maintain their blockchain applications. These teams are critical to our ecosystem’s growth.

The ideal candidate has a strong background in product security, TypeScript/JavaScript/React programming, and Web3 development, along with deep knowledge of wallet security, dApp threat modeling, and account abstraction (EIP-4337). You should be comfortable acting as both a technical expert and a trusted partner to external teams.

Responsibilities

  • Work directly with external ecosystem developers to advise on smart contract, dApp, and wallet security best practices
  • Lead or coordinate security audits and penetration tests for ecosystem projects, and drive timely remediation of findings
  • Develop and implement innovative security testing that scales across multiple projects 
  • Analyze new and emerging dApp and wallet attack vectors (phishing, session hijacking, malicious npm packages, RPC manipulation) 
  • Contribute to and help manage the bug bounty programs by validating and triaging reported vulnerabilities
  • Create and maintain security guidelines, best practices, and documentation tailored for ecosystem developers

Requirements

  • Location:
    • Hybrid in San Francisco is preferred (2-3 days a week)
    • Open to fully remote for exceptional candidates who align with US time zones
  • 3+ years of experience in cybersecurity, with a focus on blockchain and Web3 technologies
  • 2+ years of software development experience working with smart contracts (ideally Solidity)
  • Experience with security tools and techniques specific to blockchain environments
  • Deep familiarity with common attack vectors in Web3, such as flash loan attacks, reentrancy, and oracle manipulation
  • Strong understanding of wallet security (EIP-712, SIWE, etc.), account abstraction (EIP-4337), smart contract vulnerabilities, and DeFi-specific risks
  • Familiarity with common tools and frameworks like Foundry, Slither, Tenderly, Wagmi, viem, RainbowKit
  • Strong analytical and problem-solving skills with attention to detail
  • Excellent communication skills and ability to explain complex security concepts to both technical and non-technical audiences

Preferred Qualifications

  • Experience with Ethereum, TON, Solana, Sui, and other major blockchain protocols
  • Previous experience auditing code (Solidity, React, TypeScript, Rust, FunC, etc.)
  • Contributions to open-source blockchain security tools or research
  • Active participation in bug bounty programs or capture-the-flag (CTF) competitions
  • Experience implementing and managing automated security testing pipelines
  • Familiarity with formal verification techniques for smart contracts
  • Understanding of zero-knowledge proofs and their blockchain applications
  • Familiarity with emerging AI security practices such as securing MCP servers and manipulating LLMs   

In-Office Culture

This is a remote position, but we will prioritize applicants based in the Bay Area. Many members of our team work hybrid from our San Francisco office, and we aim for 2 to 3 in-office days per week. We know life happens, whether it’s travel, appointments, or family needs, and we’re flexible when the schedule needs to shift. The company is a mix of fully remote and hybrid team members.

Compensation

Base Salary: $150,000 – $210,000 (San Francisco benchmark)
This range reflects base salaries for roles in the San Francisco market. For candidates in other locations, compensation is adjusted to remain competitive within their local market.

In addition to the base salary, all full-time team members receive an additional 10% to 25% in liquid benefits with upside based on role, experience, and impact. We believe in building together and sharing in the long-term success of the network. Compensation packages are designed to be competitive and aligned with the growth of both the team and the ecosystem.

Let’s build the first Universal Blockchain together.
