Uncover a new career in web3

Search for open roles in the Sui ecosystem

Golang Offensive Security Engineer - 100% Remote, Blockchain, DeFi



United States · Europe · Asia · Remote
Posted on Wednesday, March 6, 2024


2022 was the biggest year yet for crypto hacking with $3.8 Billion stolen. Founded in 2019, Halborn was born to solve the always evolving slew of adversarial problems unique to the cryptocurrency industry including but not limited to breaches, social engineering, stolen private keys, and economic hacks. Halborn's clientele are the top tier of web3 native organizations, fortune 500 enterprises and gaming companies.

Culture is a top priority in our 100% remote organization. Halborn is a globally distributed team of 80+, looking to grow our elite team of cybersecurity professionals who value independence, learning, big challenges, and the ability to make big impacts in cutting-edge technologies. The right candidate will be offered a full-time salary and equity. Perks include unlimited vacation days, company laptops, and opportunities for travel. Health Insurance is dependent on the applicant’s country of residence but readily available.


• Conduct realistic adversary simulations from conception through reporting.

• Perform Testing systems, applications, networks and processes.

• Research cutting-edge offensive security techniques.

• Developing tools and exploits.

• Communicate clearly and effectively, both written and orally, the risks that exist and remediations required.

• Work collaboratively and independently on unique or special assignments which may require specialized knowledge and/or experience.

• Comply with Company, Division and Professional ethical standards.


• A passion for the blockchain industry

• 3+ year of experience in application development in Golang (blockchain or smart contract development experience is a plus)

• 2+ years of offensive security experience.

• Experience in WASM/BPF is a plus

• Understanding of system administration and network administration.

• Experience using common penetration testing tools, BurpSuite, Metasploit, etc.

• Practical reverse engineering and fuzzing experience is a plus

• Proficient in at least 1 scripting language.

• Proficiency with common server and workstation operating systems.

• Proficient in testing modern web application languages and frameworks.

• Proficient knowledge of blockchain and smart contract implementations.

• Deep understanding of main Golang-based smart contract runtimes

• Ability to think critically and identify areas of technical and non-technical risk.

• Ability to write technical reports and communicate technical content to non-technical audiences.

• Relevant security certifications are a plus, but not required (OSCP, OSCE, GPEN, GWAPT, LPT, CISSP).

• Basic knowledge of cryptographic primitives such as public/private keys, hash functions and Merkletrees (understand how to use them, not implement them).

• Bonus: Experience working with Ethereum clients.

• Bonus: Experience with Cosmos SDK and good understanding and working knowledge of Tendermint.

• Bonus: Experience with IBC.

• Bonus: Experience working with consensus protocols.

All candidates who make it past 2nd round will be required to:

  • Pass background and criminal record check

  • Provide x3 relevant references