Application Security Engineer

at iForte Solusi Infotek

Job description

About Vac:

Vac builds public good protocols for the decentralised web. We do applied research and, based on it, build protocols and libraries and produce publications.

Vac’s R&D Service Units are integral to supporting IFT (The Institute of Free Technology) projects by researching and developing base components and secure, unbiased protocols.

The Vac Security service unit provides comprehensive support to IFT projects by conducting security audits and helping develop robust security plans. In addition to assisting IFT projects, the security team also supports other IFT services by offering expert guidance on security best practices and risk management strategies. This collaborative approach ensures that all aspects of the IFT ecosystem benefit from enhanced security measures.

By identifying potential vulnerabilities, assessing risks, and implementing effective security solutions tailored to specific needs, the Vac Security service unit plays a crucial role in strengthening the overall security posture of IFT.

The role:

We are looking for an Application Security Engineer to join our security service unit. In this role, you’ll perform in-depth reviews of critical code (with a focus on low-level languages like Rust, Nim, and C++), identify both code-level and protocol-level vulnerabilities, and support incident response efforts.

You’ll collaborate closely with development teams to remediate security issues and ensure best practices are followed. You’ll also play a key role in preparing for external security audits—defining audit scope, organising technical documentation, and working directly with auditors to ensure valuable and actionable results.

This is a hands-on position for someone passionate about secure software development and proactive risk mitigation.

Key responsibilities:

  • Perform in-depth manual and automated reviews of source code (with a focus on low-level languages such as Rust, Nim, and C++) to identify security vulnerabilities and logic flaws.
  • Analyse and review critical code paths for potential weaknesses.
  • Identify and assess both code-level vulnerabilities (e.g., buffer overflows, injection flaws) and protocol-level issues (e.g., insecure cryptographic implementations, protocol misconfigurations).
  • Execute incident response activities, including detection, analysis, containment, and recovery, while documenting findings and lessons learned for continuous improvement.
  • Collaborate with development and product teams to remediate identified vulnerabilities, provide security guidance, and ensure secure coding practices are followed.
  • Define clear audit objectives and scope for external audits, focusing on the most critical components and protocols.
  • Prepare and organise all relevant documentation (architecture diagrams, codebase, threat models, protocol specifications) to facilitate an efficient and valuable external audit process.
  • Engage with external auditors early to clarify expectations and provide necessary context, ensuring the audit delivers actionable results.
  • Address and remediate issues identified in previous audits, and document improvements to demonstrate ongoing security maturity.

You ideally will have:

  • Minimum of 5 years of experience in Web3 security engineering, with proven experience securing blockchain protocols, smart contracts, or cryptographic systems.
  • Proficiency in low-level programming languages (Rust, Nim, C++).
  • Expertise in secure coding practices, including identification of code/protocol-level vulnerabilities (e.g., buffer overflows, injection attacks) and code analysis/debugging.
  • Experience with manual/automated code review techniques and penetration testing in Web3 ecosystems.
  • Familiarity with cryptographic protocols, secure protocol design, and blockchain/distributed systems security.
  • Incident response capabilities (detection, analysis, containment, recovery).
  • Experience collaborating with development/product teams to remediate vulnerabilities, including SSDLC processes and external audit preparation.
  • Strong documentation and communication skills for technical materials and stakeholder interactions (internal teams, auditors).
  • Deep interest in blockchain technology and decentralisation.

Bonus points:

  • Experience with static and dynamic analysis tools (e.g. CodeQL, Valgrind).
  • Knowledge of formal verification methods and tools.
  • Background in penetration testing or red teaming.
  • Ability to educate and train others on security best practices.
  • Contributions to open-source security projects or published security research.

Hiring process:

  • Interview with our POps team.
  • Interview with the Vac Security unit lead.
  • Take-home assignment + discussion with a team member from the Vac Security unit.
  • Interview with a Vac team lead.

Compensation:

We are happy to pay in any mix of fiat/crypto.
