
Web3 Security Triager (AuditAgent & AgentArena)

Hong Kong
full-time, Engineering

Job Description

What we're building

Nethermind is building an AI-driven security product line that helps protocols and developers find vulnerabilities earlier, cheaper, and faster:

AuditAgent: AI-assisted smart contract vulnerability detection and insight generation for pre-audits and security workflows.

AgentArena: a platform where multiple independent audit agents run in parallel, with an arbiter/triage layer to deduplicate findings and score severity fairly.

This role is critical to our quality layer: you will validate AI-generated findings, filter out false positives, and ensure customers receive high-signal, actionable security insights.

What we need

A hands-on Web3 Security Triager who can evaluate smart contract vulnerabilities found by AI systems, participate in public audit competitions, and help improve our detection quality over time.

You'll work closely with:

  • Product and engineering teams building AuditAgent and AgentArena

  • Security researchers and auditors at Nethermind Security

  • External protocols and audit competition platforms (Code4rena, Sherlock, Cantina, etc.)

Role & Responsibilities

1) Triage AI-generated findings (AgentArena)

  • Review and validate vulnerability reports generated by AI agents

  • Filter false positives to ensure customers receive only high-quality, actionable findings

  • Classify severity and provide clear reasoning for each decision

  • Maintain fast turnaround without sacrificing accuracy

2) Run AuditAgent in public audit competitions

  • Execute AuditAgent on live contests (Code4rena, Sherlock, Cantina, and similar platforms)

  • Triage the output: validate real bugs, discard noise

  • Write Proof of Concept (PoC) code for valid findings using AI coding tools

  • Submit validated findings and track results to measure tool performance

3) Improve detection quality through feedback

  • Share insights with the product and engineering team on common false positive patterns

  • Propose new triage strategies, automation ideas, and process improvements

  • Help build internal benchmarks and quality metrics based on real-world results

4) Document and communicate results (nice to have)

  • Write internal reports summarizing competition outcomes and tool performance

  • Contribute to public content (blog posts, case studies) showcasing AuditAgent/AgentArena capabilities

Requirements

  • Solid understanding of Web3 security: common vulnerability classes in smart contracts (reentrancy, access control, oracle manipulation, etc.)

  • Proficiency in Solidity: ability to read, understand, and reason about contract logic and potential exploits

  • Proficiency with AI coding tools: hands-on experience with tools like Cursor, Claude Code, or similar — you should already be using AI to accelerate your workflow

  • Ability to write PoC exploits: demonstrate valid bugs with working proof-of-concept code (using AI assistance is expected and encouraged)

  • Strong attention to detail: triage requires careful analysis and clear severity reasoning

  • Proactive and creative mindset: you'll be expected to suggest improvements, not just execute tasks

Nice to have

  • Experience with Solana / Rust smart contract security

  • Prior participation in audit competitions (Code4rena, Sherlock, Immunefi, etc.)

  • Background in security research or junior auditing roles

  • Writing skills: ability to clearly document findings or write public-facing content

  • Familiarity with common security tools (Slither, Foundry, etc.)

Working model

  • Remote-first, globally distributed team.

About Nethermind

First seen: February 6, 2026
Last updated: February 25, 2026