Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies.

Overview

Security engineers own the operational and software security of the Sui blockchain, wallet, Move language, and other Mysten systems.

Security engineers support and work closely with the engineers working on the sensitive components of these systems. In addition, they are the key points of contact for audit engagements and bug bounty reports.

We are hiring security engineers now as we expand the ecosystem and production services. We have a strong team in protocol security, but we need experts in operational and software security who can help us navigate the challenges of running world class infrastructure.

Responsibilities

• Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures

• Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain

• Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations.

• Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety

• Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring

Preferred Qualifications

• 3+ years of hands-on experience in security engineering, application security, or product security.

• Knowledge relevant to key management in production, for example HSMs, cloud KMS, MPC or threshold-signature systems, hardware wallets, or comparable custody infrastructure.

• Proficiency in one or more of: Rust, TypeScript, Python, or Move, and experience reviewing and writing security-sensitive code.

• Solid understanding of applied cryptography fundamentals and the common ways cryptographic systems are misused in practice.

• A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping the fix yourself rather than handing it off.

• Strong written and verbal communication: you can explain a finding or an issue clearly to the engineer who needs to fix it and to a non-technical stakeholder who needs to understand the risk.

• Interest in the web3 space is required; prior experience shipping in crypto, fintech, or other regulated/high-stakes environments is a plus.

Employment is contingent upon the successful completion of a background check, which may include verification of employment history, education credentials, criminal history, and other relevant information.

Regarding the recent rash of technology job scams: Be aware that emails from genuine Mysten Labs group recruiters will always come from the @mystenlabs.com domain or related subdomains (e.g., mystenlabs.com/careers). Remember: you can always verify positions on our job boards at www.mystenlabs.com/careers.

To support an efficient and fair hiring process, we may use technology-assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers.

Our team is remote first and we are hiring across the world. Here at Mysten Labs, you’ll be joining a world-class team with tremendous growth potential as we bring the next billion users to web3. We raised a $300M Series B round from top Silicon Valley led venture funds like Jump Crypto, Andreessen Horowitz (a16z), Binance Labs, Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital, among other investment firms and strategic partners. Come join us and build the future of web3!