Simplify Logo

Full-Time

Offensive Security Engineer

Blockchain, Defi

Posted on 1/24/2025

Halborn

Halborn

51-200 employees

Cybersecurity for blockchain and digital assets

No salary listed

Senior, Expert

Remote in USA

US Top Secret Clearance Required

Category
Cybersecurity
IT & Security
Required Skills
Blockchain
Requirements
  • A passion for the cryptocurrency industry
  • 5+ years of offensive security experience.
  • 2+ years of experience in system administration, application development or network administration.
  • Experience using common penetration testing tools, BurpSuite, Metasploit, etc.
  • Proficient in at least 1 scripting language.
  • Proficiency with common server and workstation operating systems.
  • Mastery in testing modern web application languages and frameworks.
  • Mastery in testing modern authentication systems and Identity Providers.
  • Proficient knowledge of blockchain and smart contract implementations.
  • Ability to think critically and identify areas of technical and non-technical risk.
  • Ability to write technical reports and communicate technical content to non-technical audiences.
Responsibilities
  • Conduct realistic adversary simulations from conception through reporting.
  • Perform Testing systems, applications, networks and processes.
  • Research cutting-edge offensive security techniques.
  • Developing tools and exploits.
  • Communicate clearly and effectively, both written and orally, the risks that exist and remediations required.
  • Work collaboratively and independently on unique or special assignments which may require specialized knowledge and/or experience.
  • Comply with Company, Division and Professional ethical standards.
Desired Qualifications
  • Experience in smart contract audits (suggested)
  • Relevant security certifications are a plus, but not required (OSCP, OSCE, GPEN, GWAPT, LPT, CISSP).
Halborn

Halborn

View
Website

Halborn specializes in cybersecurity focused on blockchain technology and digital assets. The firm provides security audits, penetration testing, and consulting services to clients in the digital finance sector, including cryptocurrency exchanges and Decentralized Finance (DeFi) companies. Their services help ensure the security of digital assets and financial infrastructure by addressing the specific security threats associated with blockchain technology. Halborn stands out from competitors due to its deep understanding of both blockchain and traditional financial security, which allows them to offer tailored solutions. The company's goal is to protect businesses from security threats, ensuring the safe launch and maintenance of digital exchanges and smart contract infrastructures.

Company Size

51-200

Company Stage

Series A

Total Funding

$90M

Headquarters

Miami, Florida

Founded

2019

Simplify Jobs

Simplify's Take

What believers are saying

  • Increased demand for blockchain security due to high-profile hacks like Bybit's.
  • The rise of DDoS-as-a-Service platforms creates opportunities for specialized protection services.
  • Tokenizing real-world assets could drive demand for secure blockchain solutions.

What critics are saying

  • DDoS-as-a-Service platforms pose significant threats to digital finance platforms.
  • Sophisticated attacks on exchanges highlight risks of large-scale financial losses.
  • AI-powered bot farms introduce misinformation risks and potential reputational damage.

What makes Halborn unique

  • Halborn specializes in blockchain technology and digital asset security.
  • The company offers high-level security audits and penetration testing for DeFi clients.
  • Halborn's expertise extends beyond smart contracts to comprehensive cybersecurity consulting.

Help us improve and share your feedback! Did you find this helpful?

Benefits

Health Insurance

Unlimited Paid Time Off

Company Equity

Growth & Insights and Company News

Headcount

6 month growth

5%

1 year growth

5%

2 year growth

-6%
Decrypt
Mar 13th, 2025
Elon Musk’S X Ddos Accusation Ignores Basics Of Cyber Attacks, Expert Says

Decrypt’s Art, Fashion, and Entertainment Hub. Discover SCENEElon Musk’s claim that the DDoS attack on X (formerly Twitter) originated from Ukraine drew skepticism from cybersecurity experts, who argue that attributing attacks based on IP addresses is unreliable.Attackers frequently use virtual private networks (VPNs) and other methods to obfuscate their origins, making pinpointing a specific geographic source difficult.On Monday, X was the target of a distributed denial-of-service attack that intermittently shut down the popular social media site for users worldwide. The X DDoS attack was linked to Dark Storm Team, a notorious hackivist group known for launching similar large-scale cyber disruptions.Hours after the attack, Musk claimed during an interview with Fox Business that the IP addresses associated with the attack originated in the Ukraine area.Tech-savvy users on X quickly pointed out that IP addresses can be masked or spoofed, making them appear to originate from one region when they actually originate from another.Dear Elon:You can't attribute an attack to any geographic location by IP address alone.See: VPN, location spoofing, etc.Also See: How botnets are controlled remotelyAlso Also See: Ask a cybersecurity person to help you. — MikeTalonNYC (@MikeTalonNYC) March 10, 2025Cybersecurity professionals also cautioned against drawing conclusions based solely on IP address data.“If one were conducting a DDoS attack you wouldn't necessarily see each connection originating from an IP address from a specific nation or netblock,” Scott Renna, Senior Solutions Architect with blockchain security firm Halborn, told Decrypt. “By definition, the attack would have to come from multiple IP addresses.”Renna pointed out that attackers distribute their traffic across numerous locations to avoid detection and mitigation efforts.“From an optics perspective and a blocking and prevention standpoint, it's just not how it's typically done,” he said.While the origins of the X attack remain a mystery, DDoS-as-a-Service websites are popping up to facilitate the launch of large-scale attacks. These websites let customers pay to launch DDoS attacks.There are two main types of DaaS."Stresser" services, which are legitimate tools companies use to test and strengthen their IT infrastructure

PYMNTS
Feb 24th, 2025
Bybit ‘Back To 100%’ After Historic $1.5 Billion Hack

Cryptocurrency exchange Bybit says it has replenished its reserve following a record-breaking $1.5 billion hack. The company announced Monday (Feb. 24) that it had conducted a fresh audit and restored its reserve to a 1:1 ratio within 72 hours of last week’s incident. “Bybit fully backs all customer assets entrusted to our platform, maintaining a dynamic ratio of over 1:1,” Ben Zhou, Bybit’s co-founder and CEO, said in a news release

PYMNTS
Feb 21st, 2025
Crypto Exchange Bybit Reports Hack, Analysts Estimate $1.5 Billion Loss

Cryptocurrency exchange Bybit said Friday (Feb. 21) that a cyberattacker stole some of its holdings.In its posts on X about the incident, the company did not say how much was taken.Bloomberg reported Friday that analysts estimate the loss to total nearly $1.5 billion worth of tokens.Rob Behnke, co-founder and executive chairman of blockchain security firm Halborn, told Bloomberg the hack was likely the “largest incident ever, not just crypto.”Bybit said in a said in a post on X that the attacker was able to transfer some of the firm’s holdings to an unidentified address after gaining control of one of Bybit’s Ethereum (ETH) cold wallets when it was executing a transfer to one of its warm wallets.Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing… — Bybit (@Bybit_Official) February 21, 2025The company’s security team is working with blockchain forensic experts to investigate the incident and trace the assets, according to the post.“We want to assure our users and partners that all other Bybit cold wallets remain fully secure,” the post said. “All client funds are safe, and our operations continue as usual without any disruption.”Later, Bybit reposted a post by Co-founder and CEO Ben Zhou that said: “Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.”Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss. — Ben Zhou (@benbybit) February 21, 2025Bloomberg reported that Zhou said during a livestream on X that Bybit’s withdrawals were still open and that the exchange had processed over 70% of the withdrawal requests it received after the hack.Bybit is one of the world’s largest crypto exchanges, is headquartered in Dubai and is not available in the U.S., according to the report.With about $16.2 billion in assets on its exchange before being hacked, the stolen tokens amounted to about 9% of its total assets, the report said.Bloomberg reported later Friday that the prices of the two largest cryptocurrencies — bitcoin and ether — dipped as traders reacted to news of the hack at Bybit but remained within the range at which they have traded this month.This news came about a month after Bybit said its Bybit Pay solution is live in Brazil and integrates with the Brazilian Pix instant payment system, enabling users to make payments in both fiat currency and cryptocurrency.The news also came on the same day cryptocurrency exchange Coinbase said that staff at the U.S

SmartBlocks
Aug 27th, 2024
Tokenized Real-World Assets: A $30 Trillion Opportunity According to Polygon

Why It Matters: By partnering with Halborn Security and BackedFi, Anzen is enhancing security and expanding access to real-world assets, making it a solid choice for those looking to diversify their portfolios with less risk.

Decrypt
Jul 9th, 2024
Us Disrupts Ai-Fueled Russian Bot Farm On Twitter

Decrypt’s Art, Fashion, and Entertainment Hub. Discover SCENEU.S. law enforcement authorities seized two domains connected with an AI-powered social media bot farm linked to the government of Russia, the U.S. Department of Justice (DOJ) announced on Tuesday.“This is a strong example of the disruption-first strategy that the Department, including the FBI, have taken when it comes to cyber and cyber-enabled threats to national security,” a DOJ spokesperson told Decrypt. “We continue to evolve in the way we defend and identify these actors.”According to documents released by the agency, the cybercriminals used generative AI to create fake social media profiles, many claiming to be Americans, that were then used to post pro-Russian messages on Twitter.“Today’s actions represent a first in disrupting a Russian-sponsored generative AI-enhanced social media bot farm,” U.S. Federal Bureau of Investigation (FBI) Director Christopher Wray said in a statement

INACTIVE