About the Role:
You will work with our team of security experts to leverage the Ethereum blockchain to record audit events and detect and respond to attacks on the World ID system, which leverages an Optimism OP stack L2 chain (the World Chain), Merkle trees, zero knowledge proofs, and smart contracts as part of the global-scale World ID identity service.

About the Team:
Our multidisciplinary team's mission is to detect & respond to attacks against the global-scale identity World ID service, which leverages a unique hardware device (the Orb), infrastructure, APIs, mobile apps, and operations on the Ethereum blockchain to provide privacy-preserving "proof of human". Together, we apply expertise in hardware, cloud infrastructure, application security, mobile devices, intrusion detection, machine learning, AI, blockchain, incident response, and more to solve these novel challenges.
We are building an entirely new automated detection and response system. Right now it needs to protect the 18+ million verified World ID users processing millions of identity and financial transactions a day, and it will need to rapidly scale to protect billions of users using trusted and untrusted hardware, much of which we will not own. We want to publish audit events to the public blockchain for the highest possible transparency and trust of the World ID system. We need to do all this while maintaining the strongest possible privacy protections.
This team works closely with the teams building the core technologies (apps, orbs, network protocols, encryption designs, attestation, etc.) because D&R and Privacy are foundational elements of the World Network.

About You:
- MUST HAVE: Proven track record of discovering blockchain-based vulnerabilities (e.g., smart contracts) or substantial, successful participation in major Capture The Flag (CTF) security competitions (e.g., DEF CON, PlaidCTF, Google CTF, etc.).
- 5-8 years experience developing and deploying security-related analysis (e.g. intrusion detection, security monitoring, log analysis)
- 2-5 years experience with and detailed understanding of the Ethereum blockchain (protocol level, transaction level)
- Experience with programming and version control (esp. GitHub).
- Willing to participate in an on-call rotation and learn incident handling (or relevant experience)
- Strong critical thinking, communication, and leadership skills
- Comfort working cross-functionally with peer teams to negotiate and reach consensus solutions that improve security and privacy
- Energized by working in a fast-paced, collaborative environment
- If you don't think you meet all of the criteria but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.

Nice-to-Have Skills:
- Experience writing smart contract code using Solidity.
- Experience with creating dashboards and analytics in SQL-based environments.
- Experience deploying code to a containerized environment via CI/CD.
- Experience with infrastructure, cloud, mobile (iOS/Android), or hardware security.

What we offer:
The reasonably estimated salary for this role at Tools for Humanity ranges from $221,000 - $325,000 plus a competitive long-term incentive package. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Tools for Humanity offers a wide range of best-in-class, comprehensive, and inclusive employee benefits for this role, including healthcare, dental, vision, 401(k) plan and match, life insurance, flexible time off, commuter benefits, professional development stipend, and much more.