Senior Systems Security Engineer and Vulnerability Researcher

DFINITY (Onsite)

We are seeking an experienced Senior Systems Security Engineer & Vulnerability Researcher with deep expertise in OS security, container security, hypervisor security, and process sandboxing. The role requires robust offensive security skills in identifying and exploiting vulnerabilities, particularly within the Internet Computer (IC) platform and its execution environments.
The ideal candidate will conduct thorough security research, perform vulnerability assessments, develop exploits, and continuously monitor and improve the security posture of the IC platform.

This is a hybrid-onsite position (onsite 3x per week), based out of our new office in the heart of San Francisco.

Key Responsibilities:


Hypervisor & Virtualization Security


  • Research and mitigate security risks in QEMU-based virtualization, VM isolation, and guest-to-host escape vulnerabilities.
  • Analyze attack surfaces within virtual machines, hypervisors, and inter-VM communication mechanisms.
  • Develop and test exploit techniques targeting hypervisor weaknesses, side-channel leaks, and container escapes.
  • Design and enhance secure VM execution models and Trusted Execution Environments (TEE) using AMD SEV-SNP to enforce strong VM isolation, protect workloads from compromised hypervisors, and ensure memory confidentiality and integrity.

Operating System & Process Isolation Security


  • Strengthen Linux OS security, including process isolation, sandboxing, and syscall filtering.
  • Improve Mandatory Access Control (MAC) policies (SELinux) to enforce stricter access controls.
  • Research and refine sandboxing strategies to contain untrusted processes. Assess process sandboxing techniques to contain untrusted execution.
  • Identify and mitigate kernel privilege escalation vectors, particularly in containerized and virtualized environments.

Vulnerability Research & Exploit Development


  • Perform reverse engineering, binary analysis, and fuzzing to uncover vulnerabilities across OS, hypervisor, and VM execution layers.
  • Develop proof-of-concept (PoC) exploits to validate security threats and recommend mitigation strategies.
  • Analyze and improve secure boot mechanisms, firmware security, and disk encryption strategies for virtualized environments.

Security Hardening & Mitigations


  • Work closely with engineers to design and implement hypervisor and VM security mitigations.
  • Research and propose hardened runtime environments that defend against modern attack techniques.
  • Track emerging threats in virtualization security, container security, and OS sandboxing.

Red Team Strategy & Execution


  • Lead and design sophisticated Red Team operations targeting Internet Computer Protocol, governance, subnets, nodes, and system dApps.
  • Develop adversary emulation plans to test both platform and infrastructure defenses, identifying weaknesses before they can be exploited.

Requirements:


  • Deep understanding of Linux security internals, including kernel attack surfaces, syscall security, privilege separation, and process isolation.
  • Expertise in QEMU/KVM security, including guest-to-host escapes, hypervisor hardening, and VM isolation techniques.
  • Hands-on experience analyzing hypervisor-level attacks, VM escape techniques, and virtualization security mitigations.
  • Understanding of side-channel vulnerabilities (e.g., Spectre, Meltdown, L1TF, MDS) affecting virtualization environments.
  • Proficiency in Trusted Execution Environments (TEE) and secure virtualization, with a focus on QEMU and AMD SEV-SNP for workload confidentiality and integrity.
  • Experience with reverse engineering tools (Ghidra, IDA Pro, Binary Ninja, binwalk) and fuzzing frameworks.
  • Skilled in adversary emulation, lateral movement techniques, privilege escalation, and exfiltration tactics.
  • Expertise in securing containerized environments, including Kubernetes security, container hardening, and runtime protection.

Base Salary Range: $175,000 - $240,000/yr

This position can be considered across multiple levels. Total compensation at DFINITY consists of base salary + generous bonus and is determined based on multiple factors including job leveling, areas of expertise, educational background, geographic location and overall experience. In addition to the cash components of our offers, we have generous benefits including top tier medical, dental, and vision insurance; disability insurance; life insurance; 401(k); flexible PTO policy in addition to paid holidays.

About DFINITY and the Internet Computer:


DFINITY is a leading contributor to the Internet Computer Protocol (ICP), with a mission to bring the world's compute onto the secure ICP network. Built on its unique third-generation blockchain technology, ICP enables the development and operation of a new generation of unstoppable, tamper-proof, fully decentralized web applications. Its powerful technology can run entire AI models within smart contracts, representing a major advancement for secure AI. Through seamless integration with Bitcoin, Ethereum, and other networks, ICP facilitates multi-chain operations for digital assets and web3.

Join our team of over 250 talented individuals, including world-renowned cryptographers, distributed systems engineers, programming language experts, and industry leaders, who are shaping the future of the internet and web3.

DFINITY was founded in 2016 by entrepreneur and crypto theoretician, Dominic Williams.

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Life at DFINITY

DFINITY is a blockchain-based world computer network that is powerful enough to host business applications at scale. The network features a variety of innovations in the blockchain space. The DFINITY network is self-governing through the use of an adaptive network called the Blockchain Nervous System (BNS). The network is also capable of achieving transaction finality at an average speed of 5 seconds due to advancements in random number generation and selection. The DFINITY protocol uses Verifiable Random Functions (VRFs), BLS Cryptography and the Threshold Relay technique (powered by a random beacon) to achieve these speeds. This technology is aimed at developers who would like to create and run smart contracts on a blockchain network. DFINITY is also attractive for businesses seeking an enterprise solution that can lower (human-capital-based) costs with benefits such as speed, security and scalability.
Thrive Here & What We Value

  • In-office work from our amazing office in Zurich.
  • Passionate about building the future of Web3.
  • Collaborative team culture.
  • Significant growth opportunities.
  • Invitation to play a crucial role in DFINITY's journey.
  • Support for ongoing learning and professional development.
  • Flexible working hours and remote work options.
  • Strong interest in Web3 technologies, ideally with project or research experience, and a proactive approach to innovation.
  • Collaborative environment with a focus on teamwork.
  • Opportunities for career growth and advancement.
