Our client is a regulated blockchain infrastructure provider building secure, scalable Layer-2 solutions (powered by ZKsync Stack) for stablecoin issuance, tokenized real-world assets (RWAs), and institutional DeFi in the UAE.
As Blockchain Security Lead, you will be a core member of the security team responsible for protecting our client’s ecosystem — including on-chain assets, smart contracts, bridges, wallets, nodes, and off-chain infrastructure. This role combines deep Web3 security expertise with enterprise-grade controls, enabling secure scaling of our stablecoin and institutional products while maintaining full regulatory compliance.
You will lead threat modeling, secure development practices, and on-chain monitoring — working closely with engineering and compliance to safeguard billions in digital assets.
This is a high-impact, high-visibility role in one of the UAE’s most trusted Web3 organizations.
Requirements:
5–10+ years in cybersecurity, with 3+ years focused on blockchain/Web3 security.
Deep expertise in smart contract security (Solidity, Rust, Vyper), and common attack vectors (reentrancy, oracle manipulation, flash loans, governance attacks).
Hands-on experience with private key management (MPC, HSM, multisig), wallet security, and custody-grade infrastructure.
Proficiency in on-chain monitoring tools and incident response for blockchain incidents.
Experience leading security audits, pen testing, red-teaming, bug bounties, and secure SDLC processes.
Excellent communication skills — ability to translate technical risks into business/regulatory impact for executives and the board.
Solid understanding of containerized infrastructure and Kubernetes.
Familiarity with common vulnerabilities and exploit patterns (e.g., SQLi, XSS, CSRF, SSRF, RCE).
Proven track record securing production infrastructure (and SDLC as a whole). This also includes implementation and maintenance of the following:
SAST/DAST tools;
Infrastructure as Code (IaC) security scanning tools;
Secrets management (experience with HSM-backed secret stores is highly appreciated).
Responsibilities:
Perform static and dynamic analysis of codebases, including integrating SAST/DAST tools into CI/CD.
Lead end-to-end security (ZKsync-based L2/L3) — including smart contract audits, node/sequencer/prover security, bridge/cross-chain protections, and wallet/custody infrastructure.
Perform threat modeling and risk assessments for new features (e.g., stablecoin mint/burn, RWA tokenization, Shared Bridge migration, Elastic Chain integrations).
Conduct and coordinate internal code reviews; remediate findings with engineering teams.
Design and enforce secure SDLC processes: secure coding standards, pre-release verification (fuzzing, symbolic execution, formal verification where applicable), and work with CISO for security sign-off.
Implement and maintain real-time on-chain monitoring (privileged calls, large transfers, anomalous behavior, oracle manipulation, governance attacks) using tools
Develop and test incident response playbooks for Web3-specific scenarios (key compromise, bridge exploit, sequencer outage, malicious upgrade).
Manage private key & signing security: MPC/HSM-backed wallets, multisig governance (e.g., 3-of-5 or 5-of-7), transaction velocity caps, allowlists, and offline recovery procedures.
Maintain SBOM/dependency scanning.
Collaborate with bug bounty researchers and mitigate the vulnerabilities they report.
Perform penetration testing on the products that we develop internally.
Provide quarterly security posture reports to the CISO and executive leadership.