Web2 & Mobile Security Researcher

This role offers the chance to lead and shape our Web2 and mobile security research domain within a company that is already recognized as a leader in Web3 security. You will have the opportunity to work alongside world-class researchers, expand our expertise into new areas, and play a key role in defining methodologies, setting standards, and driving impact across cutting-edge technologies.

As a Security Researcher, you will focus on the in-depth analysis of web and mobile applications, performing white-box code reviews to uncover vulnerabilities and security flaws. Your work will include investigating how applications interact with Web3 infrastructures, analyzing integrations with wallets, SDKs, and smart contracts, and identifying risks unique to these environments. You will produce high-quality research, develop proof-of-concepts, and collaborate with developers to ensure secure design and implementation. This role is hands-on and research-driven, offering the opportunity to work on complex real-world systems at the intersection of Web2, mobile, and Web3.

Relevant skills

Requirements:

• 5+ years of hands-on experience in application security or vulnerability research, with a strong focus on white-box code review.
• Demonstrated experience in building or shaping new security domains, practices, or methodologies within an organization.
• Strong background in Web2 application security: OWASP Top 10, authentication/authorization flaws, and logic vulnerabilities.
• Hands-on experience with at least one major programming language: JavaScript/TypeScript, Python, Java/Kotlin, or C#.
• Hands-on experience in mobile application security (iOS/Android), including storage, networking, Memory and key management vulnerabilities.
• Familiarity with security testing tools (SAST/DAST, dependency scanning, fuzzing).
• Ability to clearly document findings, develop proof-of-concepts, and communicate remediation guidance to developers.
• Strong written and verbal communication skills in English.

Advantages:

• Familiarity with Web3 integrations: wallets (MetaMask, WalletConnect), blockchain SDKs (ethers.js, web3.js), and RPC/API providers.
• Understanding of smart contract interactions and common blockchain attack vectors (e.g., replay attacks, transaction signing issues, key management flaws).
• Experience with reverse engineering, fuzzing, or binary analysis.
• Contributions to open-source security tools, research papers, or technical blogs.
• Knowledge of CI/CD pipelines and secure development lifecycle (SDLC) best practices.
• Experience with off-chain systems and data handling, including interaction with backend services, APIs, or databases that support blockchain applications.