Security Engineer

Who we are

Mantle Network is an EVM-compatible Ethereum layer 2 (L2) ecosystem designed to enhance scalability and efficiency on the Ethereum blockchain. Our ecosystem encompasses several key elements: Mantle Network, a decentralized autonomous organization (DAO) named Mantle Governance, and an Ether (ETH) liquid staking protocol, Mantle LSP.

Central to our ecosystem is the Mantle token ($MNT), which serves as both the product and governance token, linking the various elements of our network seamlessly.

According to L2BEAT, Mantle Network is ranked as the eighth largest L2 network by total value locked (TVL), establishing it as one of the most prominent L2 solutions in the space. Additionally, Mantle LSP ranks as the fourth largest liquid staking protocol by TVL, as reported by DefiLlama. Mantle also has one of the world's largest treasuries, valued at $3.8 billion, which it leverages effectively to incentivize ecosystem growth.

Your Role

• 负责研发过程中的需求风险识别与安全评审，代码审计，上线前测试以及上线后的风险监测；

• 负责跟进安全漏洞处理和漏洞预警运营，协助业务修复直至漏洞关闭；

• 为开发人员提供安全培训，对代码中的安全问题给出有效的解决方案；

• 对安全事件进行应急响应，及时解决出现的安全问题；

• 持续追踪和运营相关领域情报收集、分析、挖掘，进行风险预警；

• 定期业务部门同步协调，同步最新的安全状态、要求和规范，并与业务部门协同进行落实。

Your Craft

• 本科及以上学历，5年以上渗透和代码审计工作经验；

• 至少掌握一门开发语言（Nodejs、Golang等）；

• 掌握安全应急响应技术与流程；

• 熟悉渗透测试和APT攻防技术，熟悉内网渗透（不限于各类横向越权、免杀技术、隧道穿透技术等）；

• 熟悉常见互联网业务场景安全设计和数据安全最佳实践；

• 熟悉常见加密签名算法、TLS、OAuth、JWT 及相关技术；

• 熟悉常见公链（BTC/ETH等）及数字货币钱包基本工作原理；

• 主动思考，学习能力强。

Extra Credit

• 有威胁建模、SDL/devsecops实践经验；

• 有APT溯源经验；

• 有安全工具、平台的开发经验；

• 有过应急预案定制和响应经验，有持续追踪和运营相关领域情报经验。

If you think you have valuable experience to bring to the organization, but don’t necessarily meet all of the criteria for the role, we still want to hear from you. We consider all applications.