Aptos
Application Security Engineer
Job Description
Aptos is a people-first blockchain on a mission to help billions of people achieve universal and fair access to decentralized assets in a safe and scalable way.
Founded by some of the original creators and maintainers that researched, designed, and built the Diem blockchain to serve this purpose, we have dedicated several years toward this mission. We believe the open-source Diem technology we have developed is an important foundation of a safe and scalable web3 world where everyone has more equitable opportunities to grow and access financial assets with lower fees and fewer intermediaries.
Aptos (Ohlone for "The People") encompasses our mission and ethos for why we build.
About the Role
At Aptos Labs we’re pioneering the future of web3 and need a passionate Application Security Engineer to help secure our ecosystem. In this role, you’ll be at the forefront of safeguarding our Aptos core infrastructure and Aptos Labs products. Your proactive approach will help us identify and mitigate emerging threats, ensuring our systems remain resilient and trustworthy. You will work closely with our developers, influence security best practices, and lead initiatives that shape the future of web3 security.
Responsibilities
- Analyze and assess novel and recurring security issues via design reviews, code audits, penetration tests.
- Respond to and triage reports from bug bounty programs.
- Design and build security tools, develop mitigations, frameworks and hardening strategies tailored for vulnerability prevention and detection.
- Review and develop secure operational practices, and provide security guidance for engineers.
Minimum Qualifications
- B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.
- 3+ years of experience in vulnerability research and exploitation.
- Experience with native and web programming languages, development practices, and common vulnerability patterns (e.g. Rust, TypeScript, etc.)
- Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.)
Preferred Qualifications
- Contributions to the security community (public research, blogging, talks in relevant conferences, etc.)
- Familiarity with smart contracts programming languages (extra bonus for Move), security tools and frameworks, including formal verification.
- Experience with order books, perpetual dex, liquidity pools mathematics and broader DeFi protocols.
The base salary range for this full-time position is $150k -$200k. The range displayed on each job posting reflects the minimum and typical maximum target for new hire salaries for the position of a candidate based in the Bay Area at any level. We do hire exceptionally talented professionals with decades of experience in their field. As such, our range may be higher than what is displayed. Our base salary ranges are determined by experience and location, and we hire at all levels for multiple roles. Within the range, individual pay is determined by work location, job-related skills demonstrated during the interviews, working experience, and relevant education or training. Please note that the compensation details listed in role postings reflect the base salary only and do not include equity, tokens, or benefits.
Our Benefits
- 100% insurance premium coverage for medical, dental, and vision for you and your dependents (US Employees)
- Equipment of your choice
- Flexible vacation time, 11 holidays, and floating company days off
- Competitive Salary
- Equity (RSUs) (US employees)
- Protocol Token Grants
- 401k matching (US Employees)
- Fun and inclusive in-person and digital events
Aptos is committed to diversity in the workplace, and we’re proud to be an Equal Opportunity Employer. We do not hire on the basis of race, color, religion, creed, gender, national origin, citizenship, age, disability, veteran status, marital status, pregnancy, parental status, sex, gender expression or identity, sexual orientation, or any other basis protected by local, state or federal law. All employment is decided based on qualifications, merit, and business need.
Aptos
Aptos is an independent Layer 1 blockchain platform focused on safety and scalability driving growth within a decentralized network and developer ecosystem.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.