Security Engineer - Research & Test

About the Role

We're seeking a mid-level security engineer to join the Dusk Labs engineering team, focusing on security research and building robust automated security testing infrastructure across our portfolio of fintech and cryptography projects. This role combines hands-on security analysis with systems engineering, requiring someone who can both identify vulnerabilities and build the tools to continuously validate security posture. You'll work across a range of systems - from transport layer protocols implementing novel post-quantum cryptography to financial infrastructure handling sensitive transactions - conducting in-depth security research and developing comprehensive automated testing frameworks to support our security-first development process. You'll be on a high-performing team with other expert-level developers who are passionate about learning and working on interesting problems.

Responsibilities

• Conduct security research and vulnerability analysis across fintech and cryptographic systems.
• Design and build automated security testing infrastructure using Rust and shell scripts.
• Develop and maintain comprehensive security test suites, including fuzzing, penetration testing automation, and cryptographic protocol testing.
• Build monitoring and alerting systems to detect security anomalies and potential attack vectors.
• Perform threat modeling and security assessments of system architecture and code implementations across multiple projects.
• Research and analyze emerging attack techniques, vulnerabilities, and defensive technologies relevant to financial systems and cryptographic protocols.
• Create tools and frameworks for continuous security validation in CI/CD pipelines.
• Document security findings and translate research into actionable recommendations for the development team.
• Maintain and enhance existing security testing tools and infrastructure.

Required Qualifications

• Strong software development fundamentals with 2–4 years of experience.
• Solid experience with Rust or willingness to learn quickly.
• Comfortable with TypeScript and modern web technologies.
• Strong experience with Linux systems and shell scripting.
• Background in security testing methodologies, including static analysis, dynamic analysis, and penetration testing.
• Knowledge of cryptographic concepts and secure coding practices.
• Experience building automated testing infrastructure or CI/CD systems.
• Familiarity with security tools and frameworks (SAST, DAST, fuzzing tools, etc.).
• Knowledge of network protocol analysis and traffic inspection tools.
• Strong analytical and problem-solving skills with attention to detail.

Preferred Qualifications

• Experience with security research or vulnerability discovery.
• Background in cryptographic protocol analysis or implementation.
• Experience auditing DeFi protocols.
• Experience with containerization and orchestration technologies (Docker, Kubernetes).
• Familiarity with reverse engineering tools and binary analysis.
• Experience with compliance frameworks and security standards.
• Background in malware analysis or incident response.
• Experience with cloud security and infrastructure-as-code.
• Open source contributions to security tools or research projects.

About Dusk Labs We are an engineering-driven development agency that helps early-stage companies kick-start their engineering operations, or helps mid-stage companies develop greenfield software projects. We strive to maintain expertise at the cutting-edge of technology, take pride in doing high quality work, and differentiate ourselves from other development teams through our results. You'll be a good fit if you are passionate about technology, like getting things done, learning new things, and working on interesting problems. You'll also be a good fit if you like freedom. We respect your autonomy and don't have strict rules on how and when you work. We only have occasional meetings, and prefer asynchronous communication. When we do have meetings, we try to knock them out all at once to maximize uninterrupted work time. If you've got a public record of your work, whether that's a body of talks and publications, or especially open source software projects, we'd love to see it. You'll go to the front of the interview line. Apply tot his job Apply To this Job