Qureos

Blockchain Security Specialist

Job Overview

Vacancy Description

Our client is a regulated blockchain infrastructure provider building secure, scalable Layer-2 solutions (powered by ZKsync Stack) for stablecoin issuance, tokenized real-world assets (RWAs), and institutional DeFi in the UAE.
As Blockchain Security Lead, you will be a core member of the security team responsible for protecting our client’s ecosystem — including on-chain assets, smart contracts, bridges, wallets, nodes, and off-chain infrastructure. This role combines deep Web3 security expertise with enterprise-grade controls, enabling secure scaling of our stablecoin and institutional products while maintaining full regulatory compliance.
You will lead threat modeling, secure development practices, and on-chain monitoring — working closely with engineering and compliance to safeguard billions in digital assets.
This is a high-impact, high-visibility role in one of the UAE’s most trusted Web3 organizations.

Requirements

  • 5–10+ years in cybersecurity, with 3+ years focused on blockchain/Web3 security.
  • Deep expertise in smart contract security (Solidity, Rust, Vyper), and common attack vectors (reentrancy, oracle manipulation, flash loans, governance attacks).
  • Hands-on experience with private key management (MPC, HSM, multisig), wallet security, and custody-grade infrastructure.
  • Proficiency in on-chain monitoring tools and incident response for blockchain incidents.
  • Experience leading security audits, pen testing, red-teaming, bug bounties, and secure SDLC processes.
  • Excellent communication skills — ability to translate technical risks into business/regulatory impact for executives and the board.
  • Solid understanding of containerized infrastructure and Kubernetes.
  • Familiarity with common vulnerabilities and exploit patterns (e.g., SQLi, XSS, CSRF, SSRF, RCE);
  • Proven track record securing production infrastructure (and the SDLC as a whole). This also includes implementation and maintenance of the following:
      • SAST/DAST tools;
      • Infrastructure as Code (IaC) security scanning tools;
      • Secrets management (any experience with highly secure HSM stores will be highly appreciated).

Would be a plus

  • Expertise in blockchain solutions, VMs, and smart contracts; any prior Solidity experience will be a huge plus.
  • Formal blockchain security certifications (e.g., Certified Blockchain Security Professional, Offensive Security Web Expert – OSWE, or equivalent).
  • Hands-on with formal verification tools (Certora, Scribble) or fuzzing frameworks (Foundry, Echidna).
  • Prior work in regulated financial institutions, VASPs, or stablecoin issuers.
  • Knowledge of Solidity, Rust, Python or Go.

Responsibilities

  • Perform static and dynamic analysis of codebases, including integrating SAST/DAST tools into CI/CD;
  • Lead end-to-end security for ADI Chain (ZKsync-based L2/L3) — including smart contract audits, node/sequencer/prover security, bridge/cross-chain protections, and wallet/custody infrastructure.
  • Perform threat modeling and risk assessments for new features (e.g., stablecoin mint/burn, RWA tokenization, Shared Bridge migration, Elastic Chain integrations).
  • Conduct and coordinate internal code reviews; remediate findings with engineering teams.
  • Design and enforce secure SDLC processes: secure coding standards, pre-release verification (fuzzing, symbolic execution, formal verification where applicable), and work with CISO for security sign-off.
  • Implement and maintain real-time on-chain monitoring (privileged calls, large transfers, anomalous behavior, oracle manipulation, governance attacks) using tools
  • Develop and test incident response playbooks for Web3-specific scenarios (key compromise, bridge exploit, sequencer outage, malicious upgrade)
  • Manage private key & signing security: MPC/HSM-backed wallets, multisig governance (e.g., 3-of-5 or 5-of-7), transaction velocity caps, allowlists, and offline recovery procedures.
  • Maintain SBOM/dependency scanning.
  • Collaborate with bug bounty researchers and mitigate the vulnerabilities reported.
  • Perform penetration testing on the products that we develop internally.
  • Provide quarterly security posture reports to CISO/executive leadership.


Why IdeaSoft

What We Offer

Competitive compensation

Social package (24 working days of annual leave and 5 paid sick days)

Flexible working hours

Challenging projects in diverse business domains and a variety of tech stacks

Personal development and professional growth opportunities

Work with a talented, ambitious team with a family feel

Educational possibilities: corporate courses, knowledge hubs, and in-house English classes

Compensation for your professional certification & support for your learning activities

Opportunity to choose IT equipment you like

Corporate social responsibility

Tamara Mitiagina
Head of Recruitment
