Back

GFE-1
Fuzzing Engineer

Role

The Fuzzing Engineer role is tailored to provide direct impact for the projects and institutions that Guardian serves. As a full-time fuzzing engineer, you will be responsible for constructing comprehensive fuzzing suites and collaborating with senior auditors to work through counter examples and create Proof-of-Concepts.

Culture

At Guardian, we are dedicated to delivering unparalleled Smart Contract Security and cultivating a space where you can truly unleash your highest potential.

Here's how our "Culture First" approach manifests:

  • Culture fit: Beyond skill-level, a genuine alignment with our values is paramount. We only onboard individuals who truly resonate with our ethos and want to solve the problem of Smart Contract Security as much as we do.
  • Pushing Each Other: Guardian is where A players come to learn from each other, compete, and reach new heights together.
  • Championing The Team: At Guardian, nobody is bigger than the team — we all have each other’s back and understand that the best way to grow our own slice is to grow the whole pie.

What You’ll Do

  • Create world-class Smart Contract fuzzing suites in Foundry and Echidna to uncover and prevent Critical vulnerabilities that would otherwise risk the loss of millions of dollars.
  • Collaborate closely with peers and protocol developers to battle-test the full scope and nuances of the most influential and targeted Smart Contract systems in the world.
  • Develop and implement proof-of-concept (PoC) exploits for identified high-impact vulnerabilities to demonstrate risk.
  • Stay updated with the latest developments in Solidity and advanced fuzzing techniques.
  • Participate in team knowledge-sharing sessions and contribute to Guardian’s internal knowledge base.
  • When not on engagements, contribute to the creation and refinement of Guardian's security review methodologies and tools.
  • Take “research weeks” to study whatever it is that interests you in DeFi or Security and otherwise recover from high performing engagement weeks.

Expected Results

  • Consistently creates fuzzing suites that reach high coverage and assess 10+ core invariants within limited timeframes.
  • Validates High and Critical issues with PoC’s, sometimes collaborating with senior auditors to do so.
  • Updates fuzzing suites for client remediations, ensuring no counter-examples slip through the cracks.
  • Upholds a standard of security excellence and encourages others to do the same.
  • On engagements roughly 42 weeks of the year. Non-engagement time is taken off or spent reflecting as a team and improving team methodologies and tools.

What We Look For In You

We believe in hiring not just based on credentials, but also on passion and drive. While we do have a set of criteria, we're open to candidates who showcase exceptional talent and drive.

For the Ideal Candidate:

    Experience:

    • ~1 year of Web3 Security experience

    Achievements (At least 1):

    • Uncovered a High or Critical vulnerability through fuzzing methods
    • Exhibits meaningful performance and dedication during private audits.

    Skills:

    • Strong understanding of Ethereum blockchain concepts, DeFi protocols, and associated security risks.
    • Strong understanding and experience with fuzzing concepts.
    • Adept at crafting and testing proof-of-concept exploits.
    • Skilled in effective communication and finding writeups, ensuring clarity and understanding for others.
    • Familiarity and experience with Foundry, Echidna, and Hardhat.

    Traits:

    • Detail-oriented, meticulous.
    • Collaborative mindset, working well within a team and fostering a positive working environment.
    • Proactive in continuous learning, staying updated with the ever-evolving DeFi landscape.
    • Independent thinker, able to generate unique solutions and perspectives without guidance.

    Role Progression

    We believe in creating opportunities to satisfy the largest of ambitions. Show us your potential, and we'll provide you with the opportunities and resources to ascend at Guardian.

    In your form submission below, be sure to include the phrase “red dot” in one of your responses.

    Salary

    • $70,000-$100,000
    • Additional profit sharing after 1 year at the company.

    Benefits

    Flexible Working Hours 💡 - Enjoy the freedom to work remotely and choose the hours that align with your productivity peaks.

    Team Retreats 🏝️ - Don’t just audit together, cultivate meaningful friendships that make fortifying the Web3 ecosystem a fulfilling experience with planned team retreats and get-togethers.

    Paid Time Off (PTO) ✈️ - High performance requires high quality rest. We offer unlimited PTO, the right candidate derives great passion and fulfillment from security research and can manage their time off responsibly.

    Research Weeks 🔬 - Take 10 research weeks a year to focus on whatever you’re interested in and effectively recover from engagement weeks.

    National Holidays 🗓️ - We observe 12 National Holidays, which can be seamlessly adapted into the national holidays in your country.

    No Useless Meetings 📞 - Collaborate with your team as you see fit, enjoy a wide open calendar with abundant focus time.

    Company Culture ❤️ - Our culture thrives on collaboration, inspiring performance, and innovation. We believe in empowering our team members, fostering a space for open dialogue, continuous learning, and mutual respect. Join us in building not just a business, but a community.

    Open Roles

    GSR-1 Security Researcher

    The GSR role is tailored to provide direct impact for the projects and institutions that Guardian serves. As a full-time security researcher, you will focus on what we do best, auditing.

    A GSR-1 Security Researcher is mostly autonomous when it comes to conducting manual analysis while benefiting from senior teammates for guidance.

    GSR-2 Security Researcher

    The GSR role is tailored to provide direct impact for the projects and institutions that Guardian serves. As a full-time security researcher, you will focus on what we do best, auditing.

    The GSR role is tailored to provide direct impact for the projects and institutions that Guardian serves. As a full-time security researcher, you will focus on what we do best, auditing.
    A GSR-2 level Security Researcher is autonomous when it comes to conducting manual analysis, testing, and fuzzing for team engagements, while benefiting from the mentorship of senior team members. Driving a culture of excellence and teamwork, a GSR-2 level Security Researcher is pivotal in propelling the team's progress.

    GSR-3 Security Researcher

    The GSR-3 role is tailored to provide direct impact for the Guardian team and the projects and institutions that Guardian serves. As a full-time security researcher, you will focus on mentoring other Guardians, and leading high impact reviews.

    Playing a central role in Guardian’s Solidity reviews, a level 3 Security Researcher not only ensures top-tier security reviews but also enables other security researchers to learn and grow. Driving a culture of excellence and teamwork, a level 3 Security Researcher is pivotal in propelling the team's progress.