Immunefi is Web3’s last line of defense against catastrophic hacks, the Triage team at Immunefi is the internal intelligence division actively confirming and improving the defense strategy.
The Smart Contract Triager role requires timely, appropriate, and thorough responses to reported vulnerabilities. We want to bring on a member of the team that provides great service at the high end - if hackers are to trust submitting their critical findings to us, we need to be able to live up to their trust with timely and appropriate responses.
Our evaluation of their bugs from a technical perspective is crucial to our ability to properly reward their hard work. At the low end, we still need to provide great service - we want to help them grow their capabilities so that a bad bug report today turns into a great one in the future.
- Review incoming Smart Contract vulnerability reports and reproduce issues, assessing the severity and impact of each issue within the context of each organization’s threat model
- Work with hackers to identify missing information in reports, as well as help educate the community when reports are incorrect
- Write a brief summary for each report, including clear reproduction steps, the impact of the issue, and remediation advice
- Coordinate with our Bug Bounty Program team and customers to ensure smooth triage workflows for any programs you work with
- Liaise across & advocate for parties on both sides of the Bug Bounty (Projects & Whitehats), providing advice, support & technical consultation to ensure accuracy of information, fairness of outcome & engagement of users
- Proactively identify and solve issues, as well as accept and quickly respond to delegated work
- You can write top-quality code samples and mini applications to demonstrate the technologies you want to explain
- Familiarity with vulnerability disclosure and bounty programs, including: report formatting and content, confidentiality and disclosure processes, the importance of clear and quick communication between hackers and customers, program policies, etc.
- Ability to prioritize and organize operationally complex work, with great attention to detail
- Deep technical understanding of Smart Contracts, Smart Contract errors & Smart Contract vulnerabilities
- Top notch communication skills: need to be able to firmly, yet politely, respond to non-issues, as well as identify legitimate issues and communicate them to security teams in an easy to understand format
- Technical knowledge around Web3 security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk
- Being a fully remote company, we are willing to consider applicants in any area however due to the needs of our current Projects & Whitehats, we require someone taking this role to have a work schedule aligned to Central / Western European Timezones