Blockchain Security Specialist

UAE
Full-time
Job Overview

Vacancy Description

Our client is a regulated blockchain infrastructure provider building secure, scalable Layer-2 solutions (powered by ZKsync Stack) for stablecoin issuance, tokenized real-world assets (RWAs), and institutional DeFi in the UAE.
As Blockchain Security Lead, you will be a core member of the security team responsible for protecting our client’s ecosystem — including on-chain assets, smart contracts, bridges, wallets, nodes, and off-chain infrastructure. This role combines deep Web3 security expertise with enterprise-grade controls, enabling secure scaling of our stablecoin and institutional products while maintaining full regulatory compliance.
You will lead threat modeling, secure development practices, and on-chain monitoring — working closely with engineering and compliance to safeguard billions in digital assets.
This is a high-impact, high-visibility role in one of the UAE’s most trusted Web3 organizations.

Requirements

  • 5–10+ years in cybersecurity, with 3+ years focused on blockchain/Web3 security.
  • Deep expertise in smart contract security (Solidity, Rust, Vyper), and common attack vectors (reentrancy, oracle manipulation, flash loans, governance attacks).
  • Hands-on experience with private key management (MPC, HSM, multisig), wallet security, and custody-grade infrastructure.
  • Proficiency in on-chain monitoring tools and incident response for blockchain incidents.
  • Experience leading security audits, pen testing, red-teaming, bug bounties, and secure SDLC processes.
  • Excellent communication skills — ability to translate technical risks into business/regulatory impact for executives and the board.
  • Solid understanding of containerized infrastructure, Kubernetes.
  • Familiarity with common vulnerabilities and exploit patterns (e.g., SQLi, XSS, CSRF, SSRF, RCE).
  • Proven track record securing production infrastructure (and SDLC as a whole). This also includes implementation and maintenance of the following:
      • SAST/DAST tools;
      • Infrastructure as Code (IaC) security scanning tools;
      • Secrets management (any experience with highly secure HSM stores will be highly appreciated).

Would be a plus

  • Expertise in blockchain solutions, VMs, and smart contracts; any prior Solidity experience will be a huge plus.
  • Formal blockchain security certifications (e.g., Certified Blockchain Security Professional, Offensive Security Web Expert – OSWE, or equivalent).
  • Hands-on with formal verification tools (Certora, Scribble) or fuzzing frameworks (Foundry, Echidna).
  • Prior work in regulated financial institutions, VASPs, or stablecoin issuers.
  • Knowledge of Solidity, Rust, Python or Go.

Responsibilities

  • Perform static and dynamic analysis of codebases, including integrating SAST/DAST tools into CI/CD;
  • Lead end-to-end security (ZKsync-based L2/L3) — including smart contract audits, node/sequencer/prover security, bridge/cross-chain protections, and wallet/custody infrastructure.
  • Perform threat modeling and risk assessments for new features (e.g., stablecoin mint/burn, RWA tokenization, Shared Bridge migration, Elastic Chain integrations).
  • Conduct and coordinate internal code reviews; remediate findings with engineering teams.
  • Design and enforce secure SDLC processes: secure coding standards, pre-release verification (fuzzing, symbolic execution, formal verification where applicable), and work with CISO for security sign-off.
  • Implement and maintain real-time on-chain monitoring (privileged calls, large transfers, anomalous behavior, oracle manipulation, governance attacks) using tools
  • Develop and test incident response playbooks for Web3-specific scenarios (key compromise, bridge exploit, sequencer outage, malicious upgrade)
  • Manage private key & signing security: MPC/HSM-backed wallets, multisig governance (e.g., 3-of-5 or 5-of-7), transaction velocity caps, allowlists, and offline recovery procedures.
  • Maintain SBOM/dependency scanning.
  • Collaborate with bug bounty researchers and mitigate the vulnerabilities reported.
  • Perform penetration testing on the products that we develop internally.
  • Provide quarterly security posture reports to CISO/executive leadership.
Why IdeaSoft

What We Offer

  • Competitive compensation
  • Social package (24 working days of annual leave and 5 paid sick days)
  • Flexible working hours
  • Challenging projects in diverse business domains and a variety of tech stacks
  • Personal development and professional growth opportunities
  • Work with a talented, ambitious, family-feel team
  • Educational possibilities: corporate courses, knowledge hubs, and in-house English classes
  • Compensation for your professional certification & support for your learning activities
  • Opportunity to choose IT equipment you like
  • Corporate social responsibility

Tamara Mitiagina
Head of Recruitment

Would you like to join us?

Please send your resume for our review, and we will be in touch with you soon.
