Security Engineer, Red team at Coinhako

<p style="min-height:1.5em">Are you ready to be the first line of offense for one of the fastest-growing companies in the Cryptocurrency and Blockchain space? We're looking for an experienced <strong>Security Engineer (Red Team)</strong> to think like an adversary, break things before attackers do, and help us build a platform our users can trust with their assets.<br />In crypto, every vulnerability has an immediate, irreversible dollar value attached. That's the bar you'll be operating at.</p><p style="min-height:1.5em"></p><p style="min-height:1.5em"><strong>What you'll be doing:</strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Plan and execute <strong>offensive security engagements</strong> across our web, mobile, API, and microservice surfaces, as well as cloud infrastructure and internal systems.</p></li><li><p style="min-height:1.5em">Perform <strong>in-depth application security assessments and penetration tests</strong>, with a focus on the attack paths that matter most in a crypto/fintech context: authentication and session handling, wallet and key management flows, transaction integrity, withdrawal and KYC bypasses, business logic abuse, and privilege escalation.</p></li><li><p style="min-height:1.5em"><strong>Threat model</strong> new and existing products from an attacker's perspective — including custody flows, trading engines, on-chain integrations, and partner/third-party data exchanges — and turn abstract risks into concrete, testable abuse cases.</p></li><li><p style="min-height:1.5em">Conduct <strong>manual secure code review</strong> on production codebases to find vulnerabilities that scanners miss, with particular attention to financial logic, race conditions, and trust-boundary violations.</p></li><li><p style="min-height:1.5em"><strong>Build tooling</strong>: write robust scripts, automate offensive workflows, and create frameworks that scale red team coverage across a fast-moving codebase.</p></li><li><p style="min-height:1.5em">Partner closely with <strong>Engineering, DevOps, Product, and external partners</strong> to triage findings, design remediations, and embed security earlier in the SDLC.</p></li><li><p style="min-height:1.5em">Research emerging threats in<strong> Web3, mobile, and cloud</strong> — new exploitation techniques, smart contract attack patterns, DeFi exploits, supply chain attacks — and translate them into proactive testing methodologies before they hit production.</p></li><li><p style="min-height:1.5em">Produce clear, prioritized <strong>reports and recommendations</strong> that articulate technical findings, business impact, and remediation paths to both engineers and executives.</p></li><li><p style="min-height:1.5em">Provide technical support during <strong>incident response and forensic analysis</strong> of compromised systems, contributing red team perspective on attacker tradecraft and evasion.</p></li><li><p style="min-height:1.5em">Help shape the <strong>practices, pla