Security Engineering Lead
Espresso Systems
Remote
Posted 6+ months ago
Espresso Systems builds foundational infrastructure to power tomorrow’s internet, where digital assets are able to move across chains as easily as info flows across the web. It’s the lead developer of the Espresso Network, the first base layer built from the ground up to provide rollups with the functionality they’ve always needed but never had: fast, secure finality for users’ transactions and seamless composability with other rollups.
Rollups today rely on infrastructure that wasn’t built with them in mind, resulting in their isolation and the fragmentation of users, developers and liquidity within the Ethereum ecosystem. This prevents rollups from achieving the seamless composability that’s essential to web3's vision. Espresso solves this by providing rollups with secure, real-time visibility into what’s happening on all integrated chains, including their own, empowering the apps to execute crosschain interactions immediately without waiting for slow settlement or trusting centralized sequencers.
The Espresso Network is currently live on mainnet in its initial release. In addition to fast confirmations and data availability, rollups seeking further decentralization can also opt to use the Espresso Network as a decentralized sequencer. As the first purpose-built base layer for rollups, Espresso supports a fast-growing ecosystem of interconnected chains regardless of tech stack, VM, or settlement layer—from established chains like Celo and ApeChain to emerging app-specific chains attracting their first users.
At Espresso Systems, we work with leading teams developing rollups and innovating around interoperability, including Offchain Labs, Polygon, Caldera, AltLayer, Cartesi, Across, Hyperlane, and beyond—all united in our mission to build a unified, composable ecosystem where rollups are free to achieve their full potential regardless of where they choose to settle.
The Espresso team comprises a diverse and passionate group of contributors from around the world. We are developers, designers, and researchers who have contributed in academia, open-source communities, policymaking, and beyond. We have raised roughly $60 million from leading investors in technology and crypto, including a16z, Greylock Partners, Electric Capital, Sequoia Capital, and Polychain Capital.
As a Security Engineering Lead on our team, you'll be leading the security and auditing efforts for Espresso's codebase leading up to, and beyond, launch. We are looking for an experienced security engineering and software auditing professional who can lead review processes of our design and codebase. Experience in the domains of EVM smart contracts and/or Rust distributed systems is preferred for this role.
Responsibilities
- Lead security audits of (a subset of) the Espresso codebase
- As a project leader, you will have mobility in how you choose to organize security and audit efforts
- Dive into the code of a fairly complex distributed system, learning and developing an understanding of the system on the fly (with help from the engineering team that built it, of course)
- Coordinate with several engineering teams to aid in your audit, raise concerns and communicate results, and guide the effort to harden the system based on your findings
- Coordinate with, manage, and review the work of external security auditing teams, in certain cases
- Suggest improvements to testing and engineering practices to promote more secure and maintainable code
Requirements
- Solid grasp of software engineering principles, both low-level (e.g. language-specific best practices) and high-level (e.g. reliable software architecture, particularly in distributed systems)
- If focused on Rust: ≥ 1 year experience writing Rust, particularly with async Rust.
- If focused on Solidity: Multiple years experience writing smart contracts; experience with smart contract security audits or formal verification of smart contracts
- Experience as an engineer or software architect in a security-critical industry
- Be capable of describing the stakes, the challenges you've faced in building secure software, and the steps/processes you've taken to mitigate risk
- Experience as an auditor, pentester, QA tester, etc.
- Have a well thought-out approach to testing software and designing it to be testable/auditable
- Ability to think adversarially, and identify potential reliability or security vulnerabilities even in software that is correct in common or “happy path” scenarios
- Experience on the design and/or testing of distributed systems
- Comfort diving into unknowns and asking questions
Preferred
- Knowledge of relevant testing and static analysis tools (e.g. Foundry, Slither) is a plus
- Blockchain knowledge/experience is preferred, but could also be include IoT, automotive, finance, etc.
- Ideally, the candidate should have a general philosophy of software design that has been molded by experience working on security-critical systems
Benefits
- Fully remote with flexible hours
- Work alongside the brightest minds in the crypto space
- Competitive salary + equity package
- Regular team off-sites to international locations
- Unlimited vacation policy
- Top-tier health, dental, and vision coverage for US employees