At a Glance
- Tasks: Conduct security audits and develop robust security plans for decentralised web projects.
- Company: Join Vac, a pioneering company building protocols for the decentralised web.
- Benefits: Flexible compensation in fiat or crypto, plus opportunities for professional growth.
- Why this job: Make a real impact on Web3 security while working with cutting-edge technologies.
- Qualifications: 5+ years in Web3 security engineering and expertise in secure coding practices.
- Other info: Collaborative environment with a focus on continuous improvement and innovation.
The predicted salary is between 36000 - 60000 £ per year.
About Vac: Vac builds public good protocols for the decentralised web. We do applied research, and based on it we build protocols, libraries and publications. The Vac Security service unit provides comprehensive support to IFT projects by conducting security audits and helping develop robust security plans. In addition to assisting IFT projects, the security team also supports other IFT services by offering expert guidance on security best practices and risk management strategies. This collaborative approach ensures that all aspects of the IFT ecosystem benefit from enhanced security measures. By identifying potential vulnerabilities, assessing risks, and implementing effective security solutions tailored to specific needs, the Vac Security service unit plays a crucial role in strengthening the overall security posture of IFT.
The role: We are looking for a Security Engineer to join our security service unit. In this role, you’ll perform in-depth reviews of critical code (with a focus on low-level languages like Rust, Nim, and C++), identify both code-level and protocol-level vulnerabilities, and support incident response efforts. You’ll collaborate closely with development teams to remediate security issues and ensure best practices are followed. You’ll also play a key role in preparing for external security audits—defining audit scope, organising technical documentation, and working directly with auditors to ensure valuable and actionable results. This is a hands‑on position for someone passionate about secure software development and proactive risk mitigation.
Key responsibilities:
- Perform in-depth manual and automated reviews of source code (with a focus on low-level languages such as Rust, Nim, and C++) to identify security vulnerabilities and logic flaws.
- Analyse and review critical code paths for potential weaknesses.
- Identify and assess both code-level vulnerabilities (e.g., buffer overflows, injection flaws) and protocol-level issues (e.g., insecure cryptographic implementations, protocol misconfigurations).
- Execute incident response activities, including detection, analysis, containment, and recovery, while documenting findings and lessons learned for continuous improvement.
- Collaborate with development and product teams to remediate identified vulnerabilities, provide security guidance, and ensure secure coding practices are followed.
- Define clear audit objectives and scope for external audits, focusing on the most critical components and protocols.
- Prepare and organise all relevant documentation (architecture diagrams, codebase, threat models, protocol specifications) to facilitate an efficient and valuable external audit process.
- Engage with external auditors early to clarify expectations and provide necessary context, ensuring the audit delivers actionable results.
- Address and remediate issues identified in previous audits, and document improvements to demonstrate ongoing security maturity.
Ideally, you will have:
- Minimum of 5 years of experience in Web3 security engineering, with proven experience securing blockchain protocols, smart contracts, or cryptographic systems.
- Expertise in secure coding practices, including identification of code/protocol-level vulnerabilities (e.g., buffer overflows, injection attacks) and code analysis/debugging.
- Experience with manual/automated code review techniques and penetration testing in Web3 ecosystems.
- Familiarity with cryptographic protocols, secure protocol design, and blockchain/distributed systems security.
- Incident response capabilities (detection, analysis, containment, recovery).
- Experience collaborating with development/product teams to remediate vulnerabilities, including SSDLC processes and external audit preparation.
- Strong documentation and communication skills for technical materials and stakeholder interactions (internal teams, auditors).
- Deep interest in blockchain technology and decentralisation.
- Experience with static and dynamic analysis tools (e.g. CodeQL, Valgrind).
- Knowledge of formal verification methods and tools.
- Background in penetration testing or red teaming.
- Ability to educate and train others on security best practices.
- Contributions to open-source security projects or published security research.
Hiring process:
- Interview with our POps team.
- Interview with the Vac Security unit lead.
- Take-home assignment + discussion with a team member from the Vac Security unit.
- Interview with a Vac team lead.
Compensation: We are happy to pay in any mix of fiat/crypto.
Security Engineer (Web3) employer: IFT
Contact Detail:
IFT Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Engineer (Web3)
✨Tip Number 1
Network like a pro! Reach out to folks in the Web3 space, attend meetups, and join online communities. The more connections we make, the better our chances of landing that Security Engineer role.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your work in securing blockchain protocols or smart contracts. We want to see your hands-on experience and how you tackle vulnerabilities.
✨Tip Number 3
Prepare for those interviews! Brush up on your knowledge of low-level languages like Rust and C++. We need to demonstrate our expertise in identifying code-level vulnerabilities and incident response.
✨Tip Number 4
Apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are genuinely interested in joining our mission at Vac.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Security Engineer role. Highlight your experience with low-level languages like Rust, Nim, and C++, and showcase any relevant projects or contributions to Web3 security. We want to see how your skills align with what we do at Vac!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about secure software development and how you can contribute to our mission at Vac. Be sure to mention any specific experiences that relate to the responsibilities outlined in the job description.
Showcase Your Technical Skills: In your application, don’t forget to highlight your technical skills, especially around code reviews, vulnerability assessments, and incident response. Mention any tools you’ve used, like CodeQL or Valgrind, as well as your familiarity with cryptographic protocols. We love seeing hands-on experience!
Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super easy, and you’ll be able to submit all your materials in one go. Plus, it helps us keep track of your application better. We can’t wait to hear from you!
How to prepare for a job interview at IFT
✨Know Your Code Inside Out
Make sure you’re well-versed in the low-level languages mentioned, like Rust, Nim, and C++. Brush up on common vulnerabilities such as buffer overflows and injection flaws. Being able to discuss specific examples from your past work will show that you’re not just familiar with the theory but have practical experience.
✨Understand the Security Landscape
Familiarise yourself with the latest trends and challenges in Web3 security. Be prepared to discuss how you’ve tackled security issues in blockchain protocols or smart contracts before. This will demonstrate your passion for secure software development and proactive risk mitigation.
✨Prepare for the Audit Process
Since the role involves preparing for external audits, think about how you would define audit objectives and scope. Bring examples of documentation you’ve organised in the past, like architecture diagrams or threat models, to showcase your ability to facilitate an efficient audit process.
✨Show Your Collaborative Spirit
The job requires working closely with development teams, so be ready to share experiences where you’ve successfully collaborated to remediate vulnerabilities. Highlight your communication skills and how you’ve educated others on security best practices, as this will resonate well with the team’s collaborative approach.