Uncover a new career in web3

Search for open roles in the Sui ecosystem

Offensive Security Engineer - 100% Remote, Blockchain, DeFi



United States
Posted on Friday, December 16, 2022


2022 was the biggest year yet for crypto hacking with $3.8 Billion stolen. Founded in 2019, Halborn was born to solve the always evolving slew of adversarial problems unique to the cryptocurrency industry including but not limited to breaches, social engineering, stolen private keys, and economic hacks. Halborn's clientele are the top tier of web3 native organizations, fortune 500 enterprises and gaming companies.

Culture is a top priority in our 100% remote organization. Halborn is a globally distributed team of 80+, looking to grow our elite team of cybersecurity professionals who value independence, learning, big challenges, and the ability to make big impacts in cutting-edge technologies. The right candidate will be offered a full-time salary and equity. Perks include unlimited vacation days, company laptops, and opportunities for travel. Health Insurance is dependent on the applicant’s country of residence but readily available.


• Conduct realistic adversary simulations from conception through reporting.

• Perform Testing systems, applications, networks and processes.

• Research cutting-edge offensive security techniques.

• Developing tools and exploits.

• Communicate clearly and effectively, both written and orally, the risks that exist and remediations required.

• Work collaboratively and independently on unique or special assignments which may require specialized knowledge and/or experience.

• Comply with Company, Division and Professional ethical standards.


• A passion for the cryptocurrency industry

• Experience in smart contract audits (suggested)

• 5+ years of offensive security experience.

• 2+ years of experience in system administration, application development or network administration.

• Experience using common penetration testing tools, BurpSuite, Metasploit, etc.

• Proficient in at least 1 scripting language.

• Proficiency with common server and workstation operating systems.

• Mastery in testing modern web application languages and frameworks.

• Mastery in testing modern authentication systems and Identity Providers.

• Proficient knowledge of blockchain and smart contract implementations.

• Ability to think critically and identify areas of technical and non-technical risk.

• Ability to write technical reports and communicate technical content to non-technical audiences.

• Relevant security certifications are a plus, but not required (OSCP, OSCE, GPEN, GWAPT, LPT, CISSP).

All candidates who make it past 2nd round will be required to:

  • Pass background and criminal record check

  • Provide x3 relevant references