OpenZeppelin

Blockchain Security Researcher

Remote - Worldwide Remote Posted 2026-06-03
Type: Full-time
Source: Greenhouse
About us
OpenZeppelin is the security standard onchain finance is built on. Founded in 2015, our mission is to accelerate the world's transition to an open financial system, built on open standards and secured by rigorous research.
Our open-source Contract Libraries have facilitated over $35 trillion in onchain value and are used by 10 of the top 10 tokenized money market funds and 9 of the top 10 stablecoins by market cap.
We combine AI-native security tooling with deep research and a decade of audit expertise to support leading institutions and crypto-native teams shaping the next generation of digital assets like DTCC, Fidelity, Coinbase, Uniswap, Aave, the Ethereum Foundation, and many more across the full secure development lifecycle.
Please note: Always refer to OpenZeppelin's official job page for the most accurate information about our open roles, as we have seen multiple third party job sites posting inaccurate information.



The Security Services Team
OpenZeppelin's Security Services team is responsible for the security of the world's leading web3 protocols and top financial institutions building onchain. Our researchers partner with client teams across the full lifecycle of a protocol: working on architecture and design before any code is written, co-creating novel mechanisms and primitives with engineering teams, conducting deep audits of pre-launch codebases, and providing continuous coverage as production systems evolve. Our clients range from emerging projects shipping their first contracts to global financial institutions running production onchain systems at scale.
What you'll be doing


• Review smart contracts for top decentralized applications, blockchain infrastructure and financial institutions before they launch. Find vulnerabilities, prioritize them, and present findings to the client.

• Drive audits independently from start to finish, with AI as your primary collaborator. When useful, partner with another researcher to attack the code together and pressure-test findings.

• Partner with client teams during the design phase of new protocols, analyzing architecture, trust assumptions, and operational constraints before any code is written (Design Reviews, Applied Research engagements).

• Design and help develop smart contracts as part of co-creative engagements with protocol teams, where research, design, specification, and implementation happen together.

• Use AI efficiently throughout the audit process, and build skills, agents, and workflows that compound across the team.

• Conduct open-ended research into cutting-edge blockchain technologies, vulnerability classes, and emerging attack vectors, and contribute findings back to OpenZeppelin's internal knowledge base and to the broader ecosystem.

You have


• Hands-on and practical experience in one or more of the following: software development, cybersecurity, applied mathematics, distributed systems, cryptography, cryptoeconomics or game theory, or DeFi mechanisms.

• Experience designing and developing smart contracts, not only auditing them.

• Strong working knowledge of Solidity and the broader Ethereum / EVM ecosystem (common libraries, frameworks, smart contract patterns).

• Modern AI tooling is central to how you work, not a novelty. You use it daily to expand audit coverage, reason about complex systems, and produce high-quality outputs faster. You evaluate AI-generated code with a critical eye.

• Comfort building and extending your own tooling (skills, agents, prompts, scripts, or full workflows) that the rest of the team can adopt and build on.

• An advanced English level and strong communication skills (oral and written).

Nice to have


• Experience with non-EVM ecosystems and languages, such as Canton, Move (Sui, Aptos), Golang (Cosmos SDK), Cairo (Starknet), Rust-based blockchains (Solana, Stellar), or ZK circuits and cryptography-heavy systems.

• Experience with risk assessment work in the crypto industry (smart contract risk assessment, threat modeling).

• Web2 security expertise (penetration testing, web application security, infrastructure security, or appsec).

• Experience with formal verification, invariant testing, or advanced fuzzing tools (Echidna, Foundry, Halmos, Certora).

• A track record in audit contests (Code4rena, Sherlock, Cantina) or bug bounty platforms (Immunefi, HackerOne).

• Public security research output, such as published findings, blog posts, conference talks, or contributions to open-source security tooling.

Logistics
Our interview process takes place on Google Meet and tends to consist of the following stages:

• Recruiter call (30 minutes)

• Manager interview (60 minutes)

• Technical interview (60 minutes)

• Paid work trial (code review and smart contract development assessment)

• Reference checks

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.





Benefits


• Company in-person gatherings in different locations around the world 😎

• Fully remote work 🌎

• Flexible time off 🏝

• Paid parental leave 💙

• One time work-from-home equipment stipend of up to $500 USD 🪑

• Medical insurance coverage 🏥

• Learning & Development opportunities 🧠

• Work with a global team in a fast-growing industry 🚀

At OpenZeppelin, we are an equal opportunity employer and we value different perspectives. We are committed to building a diverse workforce. This includes but is not limited to gender, race, sexual orientation, religion, national origin and other characteristics that make each one of us unique. In this uniqueness, we find the most value. Come join us!
Use of AI as part of the recruiting process
As part of OpenZeppelin’s recruitment process, we may use automated tools, including artificial intelligence, to assist in reviewing applications and assessing candidate qualifications. These tools are used to support our People team by identifying relevant skills and experience, and are not used to make decisions solely by automated means. All hiring decisions involve human review. Any personal data provided as part of your application will be processed in accordance with OpenZeppelin’s Data Privacy Notice.
If you have questions about this recruitment process or would like to request human review of your application, please contact us at [email protected].