Back to all jobs
Smart Contract Security Engineer
Remote
RemoteRemoteEngineeringJob Description
Veda is the largest vault infrastructure platform in DeFi, powering the next generation of onchain financial products. Our BoringVault is the most widely used vault standard in DeFi, securing over $5 billion in TVL across 100k+ users and enabling institutions, protocols, and applications to build enterprise-grade yield products at scale.
Role
We're looking for a Smart Contract Security Engineer to serve as a core technical leader on our security team. You'll work directly with our Head of Security and engineering leadership to establish security standards, drive critical audits, and ensure the integrity of infrastructure managing billions in user assets.
This is a high-impact individual contributor role where you'll combine deep technical expertise with meaningful influence over Veda's security posture. You'll own complex security initiatives end-to-end, from architecture review to post-deployment monitoring, while elevating the security capabilities of engineers across the organization.
Key Responsibilities
Security Architecture and Auditing
- Lead end-to-end security audits of Veda's smart contract systems, with focus on the BoringVault architecture, cross-chain bridge integrations, and complex DeFi composability patterns
- Identify novel attack vectors in vault accounting logic, share pricing mechanisms, and multi-strategy capital allocation systems
- Partner with external audit firms to coordinate comprehensive reviews and effectively address findings
Technical Leadership
- Evolve Veda's smart contract security standards, testing methodologies, and deployment practices
- Mentor smart contract engineers on secure coding patterns, gas optimization trade-offs, and defense-in-depth strategies
- Serve as the security subject matter expert in architecture discussions and design reviews
Tooling & Research
- Build and maintain custom security tools including fuzzing harnesses, invariant testing frameworks, and symbolic execution pipelines
- Research emerging attack patterns in DeFi and translate findings into defensive measures
- Contribute to Veda's security knowledge base through internal documentation and post-mortems
Incident Response & Monitoring
- Design and implement real-time monitoring systems for on-chain anomaly detection
- Lead on-chain security incident response when needed, including root cause analysis and remediation
- Maintain security runbooks and escalation procedures for the engineering team
What You'll Bring
- EVM Expertise: Deep understanding of EVM architecture, opcode-level behavior, gas mechanics, and storage patterns.
- Solidity Mastery: 3+ years writing and auditing production Solidity code, with strong instincts for identifying subtle vulnerabilities in complex contract systems
- DeFi Security Experience: Proven track record conducting security audits or vulnerability research in DeFi protocols. You understand composability risks, oracle dependencies, and economic attack vectors
- Audit Methodology: Experience performing comprehensive smart contract audits from threat modeling through remediation validation
- Security Tooling: Hands-on experience with tools like Foundry, Echidna, Slither, Manticore, or similar frameworks for testing and analysis
- Communication: Exceptional written communication skills. You can translate complex technical vulnerabilities into clear, actionable guidance for both technical and non-technical stakeholders
- Proven Security Track Record: Professional experience at a tier-1 audit firm, security role at a leading DeFi protocol, or top placements in competitive audit contests
- Familiarity with MEV infrastructure, mempool analysis, and transaction ordering dependencies
- Understanding of cross-chain security challenges including bridge architecture, message verification, and multi-chain state synchronization
- Track record of discovering high-severity vulnerabilities in production DeFi protocols
Preferred Skills & Experience
- Active participation in security communities (competitive CTFs, bug bounties, or published research)
- Experience with symbolic execution and formal verification methods
- Experience with non-EVM environments (Solana, Move)