About The Company

Immunefi exists to protect the future of money. Immunefi is DeFi's last line of defense and leading bug bounty platform, preventing catastrophic hacks before user funds are stolen. Our team is highly specialized, so we’re looking for talented people who are willing to jump right in and use their expertise to help us protect DeFi.

Job Short Description

Summary

If Immunefi is Web3’s last line of defense against catastrophic hacks, the Triage team at Immunefi is the internal intelligence division actively confirming and improving the defense strategy. The Smart Contract Triager role requires timely, appropriate, and thorough response to reported vulnerabilities. We want to bring on a member of the team that provides great service at the high end - if hackers are to trust submitting their critical findings to us, we need to be able to live up to their trust with timely and appropriate responses. Our evaluation of their bugs from a technical perspective is crucial to our ability to properly reward their hard work. At the low end we still need to provide great service - we want to help them grow their capabilities so that a bad bug report today turns into a great one in the future.

Role Responsibilities

Vulnerability Evaluation:

• Review and assess submitted vulnerabilities in smart contracts to determine their validity.
• Prioritize the severity of vulnerabilities based on potential impact, likelihood, and other relevant factors.
• Ability to do analytics of the protocols - like funds at risk calculations - using Dune or bitqueries.
• Reproduce the vulnerability in various frameworks like Foundry, Hardhat, Brownie, etc.

Mediation:

• Review and understand the nature of the dispute, whether it's related to vulnerability assessment, bounty payment, or other aspects of the bug submission.
• Utilize expertise in relevant technologies to assess the validity and severity of the reported vulnerability, ensuring unbiased judgment.
• Work towards a resolution that is perceived as fair and reasonable by both the security researcher and the company.
• Ensure that the mediation process upholds the principles and guidelines of the bug bounty program, fostering trust and reliability within the community.
• Responsible for articulating mediation points with clarity and precision, ensuring that all communications are both concise and transparent. Must employ advanced writing skills to guarantee mutual understanding between parties, recognizing that effective communication is pivotal to successful mediation outcomes.

Communication:

• Provide timely feedback to responsible team members regarding the status of their submission.
• Maintain open lines of communication with relevant internal stakeholders about critical vulnerabilities and their potential impact.

Continuous Learning:

• Stay updated with the latest developments, best practices, and trends in smart contract vulnerabilities and blockchain security.
• Participate in training sessions, workshops, or conferences related to Web3 and blockchain security.

Community Engagement:

• Foster a sense of community and trust among the contributors by being transparent, approachable, and respectful.
• Participate in community events, AMAs, or forums to answer questions, provide guidance, and promote the Bug Bounty Platform.

Collaboration:

• Collaborate with other teams, like public relations or legal, in case of high-profile or sensitive vulnerabilities.

Platform Improvement:

• Provide feedback on the bug bounty platform's processes and tools to ensure they remain efficient and contributor-friendly.
• Suggest improvements or new features that could enhance the experience for contributors and streamline the triage process.

Crisis Management:

• In the case of critical vulnerabilities or public exposures, coordinate with relevant teams to manage the situation, ensuring swift resolution and minimal harm.

Applicant Requirements

Technical Expertise:

• Strong understanding of smart contract development and vulnerabilities.
• Familiarity with blockchain platforms like Ethereum, Optimism, L2s, ZK-Proofs

Prior Experience:

• Must possess a minimum of 2-3 years of experience specifically in Web3 security roles, with a deep understanding of decentralized application vulnerabilities and associated threat landscapes.

Analytical Skills:

• Ability to analyze and categorize vulnerabilities based on severity, potential impact, and exploitation likelihood.

Communication Skills:

• Exceptional written and verbal communication skills to provide clear feedback to security researchers and internal stakeholders.
• Capable of explaining technical details in an understandable manner to non-technical audiences.

Problem Solving:

• Demonstrated ability to collaborate with developers and researchers to devise effective solutions for identified vulnerabilities.

Time Management:

• Capability to prioritize tasks and respond swiftly to critical vulnerabilities, ensuring the platform's timely defense.

Team Player:

• Ability to work collaboratively within an internal team, fostering a positive work environment.
• Open to receiving feedback and continuous learning.

Ethical Standards:

• Adherence to high ethical standards, ensuring confidentiality and integrity in all operations.

Continuous Learning:

• Willingness to stay updated with the latest developments in blockchain technologies, smart contract vulnerabilities, and DeFi trends.

Customer Service Orientation:

• A mindset geared towards assisting and guiding security researchers, promoting a culture of growth and mutual respect.