Rodeo
ResourcesPartnersSign in

MLabs

Product Security Engineer

Remote
$75k – $85k/yr
Posted 23 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Product Security Engineer

Product Security Engineer

Remote | Full-time

Location: Remote - Remote APAC & EU

Compensation: $75K - $85K

Our client is a fast-growing, enterprise-grade software organization committed to supporting, developing, and servicing a leading open-source, proof-of-stake distributed ledger platform. As an EVM-compatible network built to meet the rigorous demands of global developers and institutions, the platform prioritizes speed, security, stability, and sustainability, and is governed by industry-leading organizations across multiple sectors and regions.

As the platform scales with new protocol upgrades, EVM-compatible services, cross-chain infrastructure, and cryptographic primitives, managing the expanding attack surface is paramount. The Product Security Engineer will be responsible for embedding security directly into the product development lifecycle, ensuring that security remains a first-class property of every protocol upgrade, smart contract, and node shipped to production. This role focuses on hands-on vulnerability discovery, adversarial testing, and proactive threat mitigation before code reaches production.

Key Responsibilities

  • Security Assessments & Threat Modeling: Conduct end-to-end security assessments of blockchain-based systems, spanning cryptographic primitive design, protocol architecture, smart contract implementation, and deployed infrastructure. Own threat modeling and security architecture reviews across all product phases.
  • Vulnerability Discovery & Exploitation: Identify real-world vulnerabilities through rigorous hands-on code reviews, adversarial testing, and the development of proof-of-concept exploits for native services, EVM-compatible contracts, cross-chain bridges, and consensus-layer components.
  • Engineering Partnership: Partner directly with core engineering teams to translate complex cryptographic and protocol-level risks into prioritized, actionable remediation workflows. Define and enforce security gates prior to production deployment.
  • Security Automation & Tooling: Build, scale, and improve security tooling, fuzzing infrastructure, and CI/CD security automation to maximize security coverage efficiently.
  • Research & Mitigation: Track emerging blockchain and Web3 attack patterns, map them to the internal codebase, and drive proactive mitigation strategies.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Core Capabilities & Experience

  • Proven track record of hands-on vulnerability discovery and security testing across blockchain protocols, smart contracts, nodes, and APIs, with a demonstrated ability to identify deep architectural bugs beyond automated scanning.
  • Strong threat modeling and security architecture review experience applied directly to distributed cryptographic systems.
  • Direct experience assessing cross-chain protocols, threshold signature schemes, or other cryptographic systems with complex trust assumptions, including the auditing or breaking of cross-chain bridges.
  • Deep working knowledge of applied cryptography (e.g., BLS signatures, pairing-based schemes, polynomial commitments, and Fiat-Shamir constructions) and the ability to reason about cryptographic failure modes in production environments.
  • Ability to analyze trust model tradeoffs, including state proof, multisig, and oracle attestation models, and evaluate their impact on the broader attack surface.

Functional & Technical Expertise

  • Mastery of blockchain security and secure coding practices across both EVM-compatible and non-EVM chains.
  • Proficiency with security testing tooling, including static analysis, dynamic analysis, and fuzzing, alongside experience developing custom fuzzing harnesses or security test infrastructure.
  • Strong ability to read, review, and audit cryptographic code written in Rust and/or Java.
  • Clear understanding of memory safety, constant-time correctness, secret handling, and the unique security risks at JNI boundaries.

Preferred Qualifications

  • Experience designing and operating grammar-aware fuzzing campaigns against gRPC, JSON-RPC, or protocol-level endpoints.
  • Experience building classifier pipelines to isolate security signals from noise, or building custom security automation tooling.
  • Prior security work focused on Ethereum consensus clients or production threshold signature systems.
  • Experience integrating AI-assisted workflows into security review and triage processes.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Benefits

  • Competitive salary and compensation package.
  • Opportunity to work at the forefront of enterprise Web3 infrastructure and cryptographic innovation.
  • Collaborative, high-caliber engineering environment focused on solving complex, large-scale distributed systems challenges.
  • Flexible working arrangements and comprehensive professional growth opportunities.

Interview Process

The interview pipeline consists of the following stages:

  • Recruiter / HR Screening Call
  • Hiring Manager Interview
  • Technical Interview
  • Technical Assignment
  • Final Interview

Due to the high volume of applications we anticipate, we regret that we are unable to provide individual feedback to all candidates. If you do not hear back from us within 4 weeks of your application, please assume that you have not been successful on this occasion. We genuinely appreciate your interest and wish you the best in your job search.


Commitment to Equality and Accessibility:

At MLabs, we are committed to offer equal opportunities to all candidates. We ensure no discrimination, accessible job adverts, and providing information in accessible formats. Our goal is to foster a diverse, inclusive workplace with equal opportunities for all. If you need any reasonable adjustments during any part of the hiring process or you would like to see the job-advert in an accessible format please let us know at the earliest opportunity by emailing human-resources@mlabs.city.

MLabs Ltd collects and processes the personal information you provide such as your contact details, work history, resume, and other relevant data for recruitment purposes only. This information is managed securely in accordance with MLabs Ltd’s Privacy Policy and Information Security Policy, and in compliance with applicable data protection laws. Your data may be shared only with clients and trusted partners where necessary for recruitment purposes. You may request the deletion of your data or withdraw your consent at any time by contacting legal@mlabs.city.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Blockchain Security
Smart Contract Auditing
Threat Modeling
Applied Cryptography
Vulnerability Discovery
Rust
Java
Fuzzing
Static Analysis
Dynamic Analysis
EVM
Cross-chain Protocols
Security Automation
CI/CD Security
Adversarial Testing
gRPC

Location

United Kingdom

Sign up to applySee more jobs like this