Security Engineer Protocol Contract Runtime

at Pagoda

San Francisco, United States
225 d. ago
About the Job

About The Role:

Pagoda is shepherding a future where NEAR becomes the blockchain operating system. We believe that re-inventing how software is made and distributed is our greatest opportunity to open economic access to those who are not fully integrated into the global economy. Our products empower people to find opportunity, invent new experiences, and collaborate. Let's build an Open Web world. A world where people control their assets, data, and power of governance.

Pagoda’s growing security team is looking for a Security Engineer to partner with our Protocol, contract runtime team. This position will be primarily responsible for identifying, analyzing, solutioning, and accounting for security as it pertains to NEAR’s contract runtime; embedded within Pagoda’s contract runtime team and reporting to Pagoda’s CISO.

As Security Engineer you will work closely with the contract runtime team to make sure that NEAR’s WebAssembly runtime is secure, robust, and performant. You will work on the security of WebAssembly compilers and NEAR’s smart contract execution environment.

A core component of the NEAR blockchain is a WebAssembly virtual machine ( that runs in a completely trustless and fully deterministic mode, as it executes smart contracts implemented in WebAssembly-friendly languages (Rust and Javascript, for example) using a fast compiler.

Performance and safety optimizations of WebAssembly VMs/compilers are a primary focus of Pagoda’s runtime team. This enhances not only the NEAR blockchain, but the entire WebAssembly ecosystem.

What You'll Be Doing:

  • Supporting the Protocol team to solve cutting-edge compiler and VM problems related to safe, deterministic and high-performance compilation and execution
  • Set up testing infrastructure to ensure the security of contract runtime
  • Security audit of the contract runtime code
  • Handle security vulnerability reports that are related to contract runtime
  • Analyze risk and maintain a registry and remediation/improvement roadmap as it pertains to the contract runtime and WebAssembly.

What We're Looking For:

  • Development or software engineering experience and a deep passion for information security
  • Strong security engineering background and programming experience
  • Experience with a modern system programming language (eg C++, Rust)
  • Demonstrated experience evaluating code for vulnerabilities and weaknesses
  • Familiarity with low-level programming, operating systems, and virtual machines, experience with WebAssembly is a plus
  • Practical experience of security analysis tools such as: fuzzing, SAST scanners, linters etc
  • Experience in securing large scale distributed systems
  • Strong communication skills and ability to work with remote teams
  • Results & goal orientated

We'd Love If You Have:

  • A passion for security and Web3
  • Experience in a start-up environment

Here’s What Our Interview Process Looks Like:

Depending on calendar availability, from the first stage to the final stage, we do our best to keep the entire process to under three weeks. Our interviews take place via Zoom and typically consists of the following stages:

  • Internal Recruiter Call (30 minutes)
  • Meet with the Hiring Manager (30-45 minutes)
  • Technical Interviews (3 x 60 minutes)
  • Pagoda Interview (30 to 45 minutes)

Please let us know if you require any special requirements for your interview and we’ll do our best to accommodate.

Ideal Location For This Role

This is a fully remote role, so that your timezone matches or overlaps with our leadership for this role, you’ll ideally be located in the United States or Europe.