Who we are

Mantle is a pioneering on-chain ecosystem dedicated to revolutionizing the future of finance and blockchain scalability, seamlessly bridging traditional finance (TradFi) and decentralized finance (DeFi). Through innovative pillars like Mantle Network, mETH Protocol, Function (FBTC), Mantle Index Four (MI4), UR and MantleX, Mantle empowers users and institutions with a unified financial services platform, redefining how the world spends, saves, and invests in the Web 3.0 era.

Anchored by the Mantle Treasury, the largest community-owned treasury in the ecosystem, Mantle ensures robust liquidity and financial stability. With over $3 billion in assets, it actively funds core product development and fosters the growth of asset partners, such as Agora AUSD, Ethena USDe, Ondo USDY, and EigenLayer restaking, enhancing sustainable yield, deep liquidity, and financial utility on the Mantle Network.

Your Role

负责研发过程中的需求风险识别与安全评审，代码审计，上线前测试以及上线后的风险监测；
负责跟进安全漏洞处理和漏洞预警运营，协助业务修复直至漏洞关闭；
为开发人员提供安全培训，对代码中的安全问题给出有效的解决方案；
对安全事件进行应急响应，及时解决出现的安全问题；
持续追踪和运营相关领域情报收集、分析、挖掘，进行风险预警；
定期业务部门同步协调，同步最新的安全状态、要求和规范，并与业务部门协同进行落实。

Your Craft

本科及以上学历，5年以上渗透和代码审计工作经验；
至少掌握一门开发语言（Nodejs、Golang等）；
掌握安全应急响应技术与流程；
熟悉渗透测试和APT攻防技术，熟悉内网渗透（不限于各类横向越权、免杀技术、隧道穿透技术等）；
熟悉常见互联网业务场景安全设计和数据安全最佳实践；
熟悉常见加密签名算法、TLS、OAuth、JWT 及相关技术；
熟悉常见公链（BTC/ETH等）及数字货币钱包基本工作原理；
主动思考，学习能力强。

Extra Credit

有威胁建模、SDL/devsecops实践经验；
有APT溯源经验；
有安全工具、平台的开发经验；
有过应急预案定制和响应经验，有持续追踪和运营相关领域情报经验。

If you think you have valuable experience to bring to the organization, but don’t necessarily meet all of the criteria for the role, we still want to hear from you. We consider all applications.

Security Engineer

Windranger Labs