Senior Hive Member - Blockchain, Cryptography & Digital Asset Offensive Security

The Mission 

At CovertSwarm, we are redefining offensive security through constant, relentless attack. As a Senior Hive Member specialising in blockchain, encryption and digital asset security, you will lead sophisticated offensive security engagements against the systems that move, protect, sign for and settle digital assets. 

This role is focused on environments where cryptography, blockchain infrastructure, financial systems and operational controls intersect. You will assess custody platforms, wallet infrastructure, HSM/MPC/TSS signing services, smart contracts, institutional trading APIs, stablecoin settlement rails, blockchain nodes, tokenisation platforms, cloud environments, CI/CD pipelines and the operational workflows that support them.

This is not a generic offensive security role and it is not limited to smart contract audits. You will take an adversarial view of the full digital asset ecosystem: on-chain, off-chain, cloud, application, cryptographic, operational and human. 

Your work will help clients understand how their most valuable systems could fail under real attack conditions, including unauthorised signing, private key exposure, smart contract exploitation, API abuse, settlement failure, reconciliation breakdown, insider misuse, market disruption or irreversible asset loss. 

 

The Opportunity 

We are looking for an experienced offensive security operator with deep technical curiosity and proven capability across blockchain, cryptography, encryption, secure protocols and complex distributed systems. 

You will lead research-led attack plans against environments similar to those used by institutional digital asset firms, market makers, OTC trading desks, custodians, stablecoin settlement providers, tokenisation platforms and Web3 product teams. 

These environments commonly include: 

• Institutional trading platforms using REST, WebSocket, FIX, RFQ and GUI workflows. 

• Market-making, OTC execution, post-trade settlement and treasury operations. 

• Experience in attacking communication protocols, specifically the Matrix protocol. 

• Stablecoin settlement across Ethereum, Solana, Tron, L2s and other chains. 

• Custody architectures involving hot, warm and cold wallets. 

• HSM, KMS, MPC, threshold signing, multisig and key ceremony workflows. 

• Smart contracts, token contracts, bridges, escrow, governance and DeFi mechanics. 

• Cloud-native infrastructure, Kubernetes, CI/CD, secrets management and privileged access. 

• Operational approval flows, reconciliation systems, audit trails and incident response processes. 

You will be expected to go beyond checklist testing. The role requires someone who can identify how a weakness in one layer - such as cloud IAM, API permissions, CI/CD secrets, wallet policy, signing workflow, approval logic or transaction monitoring - could be chained into a material compromise of digital assets. 

Deep cryptography skills are essential, including the ability to review cryptographic designs, challenge trust assumptions, assess implementation weaknesses, and evaluate key management, encryption, authentication and secure messaging controls from an offensive perspective. 

Strong experience with the Matrix protocol would be extremely beneficial, including federation, end-to-end encryption, identity, homeserver behaviour, client-server and server-server APIs, bridge architectures, and the security implications of decentralised messaging at scale. 

 

What Makes You Great 

You are an experienced offensive security professional who understands that digital asset security is not just about blockchain code. It is about the complete chain of trust: identity, infrastructure, code, keys, APIs, signers, policy engines, approvals, people, operations, monitoring and settlement. 

You are comfortable asking difficult questions, such as: 

• Can a compromised cloud role, API key, CI/CD runner or support account trigger a signing event? 

• Can a transaction be altered, replayed, delayed, reordered or misrouted before approval or broadcast? 

• Can wallet policies be bypassed through edge cases in asset type, chain, limit, quorum, allowlist or emergency workflow? 

• Can a privileged operator, insider or vendor integration abuse approval flows? 

• Can execution and settlement diverge in a way that creates loss or reconciliation blind spots? 

• Can smart contract upgrades, oracle inputs, governance actions or bridge messages change asset-control assumptions? 

• Are logs and alerts sufficient to reconstruct and respond to a signing, withdrawal or settlement incident? 

You combine creative adversarial thinking with disciplined execution. You can prove risk safely, explain impact clearly and recommend practical remediation. 

 

The Human Element 

You have a sharp analytical mind and strong attention to detail. 

You are a natural problem solver who enjoys complex, ambiguous systems where the most important weaknesses often sit between components. 

You communicate clearly and can translate deep technical findings into language that different audiences can act on. 

You are comfortable working with engineers, traders, quants, product teams, security teams, legal, compliance, operations and executives. 

You are self-driven, research-oriented and committed to continuous learning. 

You are a team player who contributes to the collective knowledge of the Swarm and helps others build capability. 

 

What Success Looks Like 

You will be successful in this role if: 

• Clients understand how their blockchain, custody, encryption and settlement environments could realistically be compromised. 

• High-impact vulnerabilities are discovered before adversaries find them. 

• Weaknesses in signing, key management, APIs, smart contracts, settlement and operational controls are translated into clear business risk. 

• CovertSwarm develops a repeatable, high-depth methodology for digital asset offensive security. 

• Our tooling and research improve the way we test wallets, signers, custody systems, trading APIs, stablecoin flows and smart contracts. 

• Fellow Hive members grow their skills through your mentoring, research and technical leadership. 

• Engineering teams trust your technical depth and executives trust your judgement. 

 

The Perks 

Join a team that values both excellence and balance: 

• True remote flexibility - work from anywhere. 

• No report-writing drudgery - we use our custom portal. 

• Unlimited training to keep your skills sharp. 

• Unlimited vacation - because burnout helps no one. 

• Private medical insurance and pension scheme. 

• Conference speaking bonuses. 

• Hardware, software, lab environments, cloud credits and research materials you need to excel. 

• A culture of radical candor, continuous improvement and technical excellence. 

 

The Culture 

At CovertSwarm, we take pride in pushing the boundaries of offensive security. Our team consists of passionate and humble professionals who value creativity, technical depth and delivering results that matter. 

In this role, you will help shape how CovertSwarm attacks and reviews the infrastructure underpinning digital asset markets: keys, signers, wallets, APIs, smart contracts, settlement rails, cloud platforms, control planes and the humans operating them. 

If you want to work at the intersection of offensive security, blockchain, encryption and financial infrastructure, we want to hear from you. 

Ready to join the Swarm? 

Take the next step in your cybersecurity career by applying today. Let’s talk about how your skills, research mindset and offensive capability align with CovertSwarm’s mission to redefine offensive security.