Application Security Engineer

Job Overview

  • Date Posted
    January 17, 2024
  • Location
  • Expiration date
    February 5, 2024

Job Description

*Scroll has a remote-first work culture, our staff base is globally distributed and we are location agnostic. We make hiring decisions based on talent, culture fit and role suitability. If you have the skills and experience requested by this job description then please APPLY!
At Scroll, we operate on the bleeding edge of a fast-moving frontier of zk technology, research and innovation. The Application Security Engineer will be responsible for improving the zkEVM-based zkRollup security, ensuring that Scroll is one of the safest Layer 2’s for projects and users. The role is ideal for an individual who thrives in a start-up environment, a self-starter that is dynamic and comfortable to take on responsibilities and can work effectively within a remote setup.
About Scroll…
Scroll is building an open source, bytecode level compatible zkEVM layer 2 solution for Ethereum. Our mission is to scale Ethereum while maintaining our values of credible neutrality, openness, and community driven.

Responsibilities:

    • As an Application Security Engineer you will audit, evaluate and suggest code improvements to Scroll’s contracts and one of the world’s most complex circuits, the zkEVM;
    • You will triage bug bounty submissions and work with hackers from the community to evaluate and fix confirmed bugs;
    • You will help improve and implement Scroll’s secure software development life cycle;
    • You will contribute to building onchain monitoring to help identify potential security issues before they are exploited;
    • You will work with other security researchers at Scroll and in the community to keep us apprised of the latest threats to layer 2 rollup solutions;
    • You will collaborate externally with the brightest minds in the zk and blockchain communities, while enhancing our brand and visibility within those communities;
    • Come join us, and work alongside other deeply-driven technical minds, in a culture defined by openness, autonomy, and ownership;

Requirements:

    • Knowledge in Solidity is a must and knowledge in EVM is a must;
    • Outstanding coding standards: Proficient in open-source contributions, ensuring code correctness, performance, and maintainability, with strong developer practices;
    • Skilled in code auditing and collaborating well with other developers via tools like Notion and GitHub;
    • Familiar with security tools and code analysis tools;
    • Degree in Computer Science or broad knowledge of computer science and system security;
    • You enjoy collaborating with developers, researchers, and hackers and excel at communicating with them, asynchronously and across cultures. You speak and write (documentation, specs, Slack, etc), clearly and concisely.

Nice to Haves:

    • Understanding of Rust or C++;
    • Knowledge of recent zk proof technology – r1cs, plonkish, AIR, stark;
    • You have successfully participated in a bug bounty program, either as a manager or reporter;
    • Skilled in developing, optimizing, and writing real-world zk circuits, including applications like mixers and signature verification;

About You:

    • You are a self-starter and ability to take ownership, well organised, self-disciplined and effective when working autonomously on tasks and projects;
    • You are responsive, collaborative and committed person with a high work ethic;
    • You are a high class communicator who can articulate their views succinctly on calls or asynchronously in globally distributed, remote teams;
    • You relish working in an agile start-up environment;
    • You are a great listener who understands when to listen first and engages well with colleagues;
    • You are a resilient, driven individual who is willing and able to continually develop and iterate to succeed;

What We Offer:

    • A mission-led, collaborative culture;
    • Opportunity to work with cutting edge technology and like-minded people who are contributing to the progression of Ethereum;
    • Competitive salary package / generous paid time off / annual growth budget;
    • Remote from any location with flexible hours;
    • Home office set up / co-working membership allowance;
    • Private healthcare in selected countries;