Information Security Engineer, Product

At Aptos Labs we’re pioneering the future of web3 and need a passionate Product Security Engineer to help secure our core technologies. In this role, you’ll be at the forefront of safeguarding our Aptos core infrastructure and Aptos Labs products. Your proactive approach will help us identify and mitigate emerging threats, ensuring our systems remain resilient and trustworthy. You will work closely with our developers, influence security best practices, and lead initiatives that shape the future of web3 security.

• →Analyze and assess novel and recurring security issues via design reviews, code audits, and penetration tests.
• →Design and build security tools, and develop mitigations, frameworks, and hardening strategies tailored for vulnerability prevention and detection.
• →Review and develop secure operational practices, and provide security guidance for engineers.
• →Respond to and triage reports from bug bounty programs.

• B.S. or M.S. in Computer Science, a related technical field, or equivalent experience.
• 3+ years of experience in vulnerability research and exploitation.
• Experience with native development practices and common vulnerability patterns (e.g., Rust, C, etc.)
• Experience with automated security analysis tooling and frameworks (fuzzing, static analysis, etc.)

• Contributions to the security community (public research, blogging, talks in relevant conferences, etc.)
• Experience with virtual machines or complex runtime environments, such as MoveVM (extra bonus), EVM, WASM, or LLVM-based runtimes, including their security models, sandboxing, and execution isolation.
• Familiarity with smart contract programming languages (extra bonus for Move), security tools, and frameworks, including formal verification.