Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Conduct security audits and develop robust security plans for decentralised web projects.
- Company: Join Vac, a leader in building public good protocols for the decentralised web.
- Benefits: Flexible payment options in fiat or crypto, competitive salary, and a collaborative work environment.
- Why this job: Make a real impact on Web3 security while working with cutting-edge technologies.
- Qualifications: 5+ years in Web3 security engineering and expertise in secure coding practices.
- Other info: Dynamic team with opportunities for professional growth and contributions to open-source projects.
The predicted salary is between 36000 - 60000 £ per year.
About Vac:
Vac builds public good protocols for the decentralised web. We do applied research based on which we build protocols, libraries and publications. The Vac Security service unit provides comprehensive support to IFT projects by conducting security audits and helping develop robust security plans. In addition to assisting IFT projects, the security team also supports other IFT services by offering expert guidance on security best practices and risk management strategies. This collaborative approach ensures that all aspects of the IFT ecosystem benefit from enhanced security measures. By identifying potential vulnerabilities, assessing risks, and implementing effective security solutions tailored to specific needs, the Vac Security service unit plays a crucial role in strengthening the overall security posture of IFT.
The role:
We are looking for a Security Engineer to join our security service unit. In this role, you will perform in-depth reviews of critical code (with a focus on low-level languages like Rust, Nim, and C++), identify both code-level and protocol-level vulnerabilities, and support incident response efforts. You will collaborate closely with development teams to remediate security issues and ensure best practices are followed. You will also play a key role in preparing for external security audits—defining audit scope, organising technical documentation, and working directly with auditors to ensure valuable and actionable results. This is a hands-on position for someone passionate about secure software development and proactive risk mitigation.
Key responsibilities:
- Perform in-depth manual and automated reviews of source code (with a focus on low-level languages such as Rust, Nim, and C++) to identify security vulnerabilities and logic flaws.
- Analyse and review critical code paths for potential weaknesses.
- Identify and assess both code-level vulnerabilities (e.g., buffer overflows, injection flaws) and protocol-level issues (e.g., insecure cryptographic implementations, protocol misconfigurations).
- Execute incident response activities, including detection, analysis, containment, and recovery, while documenting findings and lessons learned for continuous improvement.
- Collaborate with development and product teams to remediate identified vulnerabilities, provide security guidance, and ensure secure coding practices are followed.
- Define clear audit objectives and scope for external audits, focusing on the most critical components and protocols.
- Prepare and organise all relevant documentation (architecture diagrams, codebase, threat models, protocol specifications) to facilitate an efficient and valuable external audit process.
- Engage with external auditors early to clarify expectations and provide necessary context, ensuring the audit delivers actionable results.
- Address and remediate issues identified in previous audits, and document improvements to demonstrate ongoing security maturity.
You ideally will have:
- Minimum of 5 years of experience in Web3 security engineering, with proven experience securing blockchain protocols, smart contracts, or cryptographic systems.
- Expertise in secure coding practices, including identification of code/protocol-level vulnerabilities (e.g., buffer overflows, injection attacks) and code analysis/debugging.
- Experience with manual/automated code review techniques and penetration testing in Web3 ecosystems.
- Familiarity with cryptographic protocols, secure protocol design, and blockchain/distributed systems security.
- Incident response capabilities (detection, analysis, containment, recovery).
- Experience collaborating with development/product teams to remediate vulnerabilities, including SSDLC processes and external audit preparation.
- Strong documentation and communication skills for technical materials and stakeholder interactions (internal teams, auditors).
- Deep interest in blockchain technology and decentralisation.
- Experience with static and dynamic analysis tools (e.g. CodeQL, Valgrind).
- Knowledge of formal verification methods and tools.
- Background in penetration testing or red teaming.
- Ability to educate and train others on security best practices.
- Contributions to open-source security projects or published security research.
Hiring process:
- Interview with our POps team.
- Interview with the Vac Security unit lead.
- Take home assignment + discussion with a team member from the Vac Security unit.
- Interview with a Vac team lead.
Compensation:
We are happy to pay in any mix of fiat/crypto.
Security Engineer (Web3) in London employer: IFT
Contact Detail:
IFT Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Engineer (Web3) in London
✨Tip Number 1
Network like a pro! Get involved in Web3 communities, attend meetups, and engage on platforms like Discord or Twitter. The more people you know, the better your chances of landing that Security Engineer role.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your work in securing blockchain protocols or smart contracts. This will give potential employers a taste of what you can do and set you apart from the crowd.
✨Tip Number 3
Don’t just apply—follow up! After submitting your application through our website, drop a friendly email to express your enthusiasm. It shows initiative and keeps you on their radar.
✨Tip Number 4
Prepare for interviews by brushing up on common security vulnerabilities and incident response strategies. Be ready to discuss your past experiences and how they relate to the role at Vac. Confidence is key!
We think you need these skills to ace Security Engineer (Web3) in London
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in Web3 security engineering. We want to see how your skills align with our needs, so don’t hold back on showcasing your expertise in securing blockchain protocols and smart contracts!
Show Off Your Passion: Let us know why you’re excited about decentralisation and blockchain technology! A genuine interest in the field can really set you apart from other candidates. Share any personal projects or contributions to open-source security that demonstrate your enthusiasm.
Be Clear and Concise: When writing your application, keep it straightforward and to the point. We appreciate clarity, so avoid jargon unless it’s necessary. Make it easy for us to see your qualifications and how they fit with the role.
Apply Through Our Website: We encourage you to submit your application directly through our website. It’s the best way to ensure we receive all your details correctly and gives you a chance to explore more about us while you’re at it!
How to prepare for a job interview at IFT
✨Know Your Code Inside Out
Make sure you’re well-versed in the low-level languages mentioned in the job description, like Rust, Nim, and C++. Brush up on common vulnerabilities such as buffer overflows and injection flaws. Being able to discuss specific examples from your past work will show that you’re not just familiar with the theory but have practical experience.
✨Prepare for Technical Questions
Expect to dive deep into security concepts during your interview. Prepare to explain your approach to incident response and how you’ve handled vulnerabilities in the past. Practising with mock interviews can help you articulate your thought process clearly and confidently.
✨Show Your Collaborative Spirit
Since the role involves working closely with development teams, be ready to discuss how you’ve collaborated in previous roles. Share examples of how you’ve provided security guidance or remediated vulnerabilities together. This will highlight your ability to work as part of a team and your understanding of secure software development.
✨Get Familiar with Audit Processes
Understand the audit process and what it entails. Be prepared to talk about how you would define audit objectives and scope, and how you’ve organised documentation for audits in the past. Showing that you know how to facilitate an efficient audit will set you apart from other candidates.
