Smart Contract Risk Hunter

zero2launch • Germany
Remote
AI Summary

We are looking for a Smart Contract Risk Hunter to review smart contracts of incoming projects, identify vulnerabilities, and produce clear risk reports. The role requires hands-on experience with smart contract security, proficiency in Solidity, and a deep understanding of the EVM. The ideal candidate will have a strong track record of finding real vulnerabilities and excellent written English.

Key Highlights
Review smart contracts of incoming projects
Identify vulnerabilities and produce clear risk reports
Hands-on experience with smart contract security
Key Responsibilities
Review smart contracts of incoming projects
Identify vulnerabilities across the full spectrum
Produce clear, prioritized risk reports
Technical Skills Required
Solidity, EVM, Foundry, Hardhat, Slither, Mythril, Echidna, Tenderly, block explorers
Benefits & Perks
Above-market base salary
Fully remote role
Time and budget for continued learning
Nice to Have
Rust (Solana/Anchor)
Move (Aptos/Sui)
Formal verification (Certora, K, Halmos)

Job Description


About Zero2Launch

Zero2Launch is a blockchain startup launchpad. We help early-stage Web3 projects go from idea to live token — providing the strategy, infrastructure, and capital partners they need to launch successfully. Every project we launch carries our name, which means every smart contract we bless carries a piece of our reputation. This role exists to make sure that reputation is well placed.

About the Role

We are looking for a Smart Contract Risk Hunter — someone who reads code the way an attacker does. Your job is to stand between the projects we're about to launch and everything that could go wrong with their contracts once real money hits them.

You'll review the smart contracts of every serious deal in our pipeline. You'll find the reentrancy waiting to happen, the oracle that can be manipulated, the upgrade path nobody thought about, the edge case in the tokenomics that turns into a drain. Then you'll write it up so clearly that both our team and the founders understand exactly what needs to change.

This is not a replacement for formal audits — it's the layer that decides which projects even get to that stage with us.

Key Responsibilities
  • Review smart contracts of incoming projects across Solidity (EVM chains) and, where relevant, Rust (Solana) or Move (Aptos/Sui).
  • Identify vulnerabilities across the full spectrum: reentrancy, access control, arithmetic issues, oracle manipulation, flash loan attacks, upgrade/proxy risks, MEV exposure, and logic-level flaws.
  • Evaluate tokenomics implementations — vesting contracts, staking mechanisms, fee structures, and emission schedules — for both bugs and adversarial design.
  • Produce clear, prioritized risk reports for leadership and for the founding teams of projects in our pipeline.
  • Follow up with project teams on remediation and verify that fixes actually fix the problem.
  • Monitor newly deployed contracts of our launched projects for anomalies and post-launch risk signals.
  • Stay current on exploits, post-mortems, and emerging attack patterns across Web3 — and translate them into how we screen projects going forward.
  • Contribute to internal tooling, checklists, and automated screening that scale your judgment across more deals.
What We're Looking For

Must have

  • 3+ years of hands-on experience with smart contract security — as an auditor, security researcher, protocol engineer, or bug bounty hunter.
  • Strong proficiency in Solidity, with a deep understanding of the EVM, common design patterns, and their failure modes.
  • A demonstrable track record of finding real vulnerabilities: audit reports, public disclosures, bug bounty findings, CTF wins, or protocol-level contributions.
  • Fluency with the modern smart contract tooling stack: Foundry, Hardhat, Slither, Mythril, Echidna, Tenderly, block explorers.
  • Understanding of DeFi primitives at the code level: AMMs, lending protocols, oracles, bridges, staking, and how they break.
  • Excellent written English — your reports will be read by non-technical stakeholders as well as engineers.
  • Based in Germany with the right to work there.

Personal qualities that matter to us

  • Attacker's mindset. You don't just check that code does what it should — you look for what it can be made to do.
  • Rigorous and patient. Real vulnerabilities hide in the boring parts of the code; you read them anyway.
  • Discretion and integrity. You'll see unpublished contracts and early-stage projects; we need to trust you absolutely.
  • Long-term mindset: you're looking for a role you can grow into, not a stepping stone.

Nice to have

  • Proficiency in Rust (Solana/Anchor) or Move (Aptos/Sui).
  • Experience with formal verification (Certora, K, Halmos) or advanced fuzzing.
  • Published research, blog posts, or talks on smart contract security.
  • Background at a reputable audit firm, a major protocol's security team, or a serious bug bounty platform ranking.
  • On-chain forensics experience — investigating exploits after the fact.
  • Contributions to open-source security tooling.
What We Offer
  • Above-market base salary — approximately 20% above industry benchmarks for this level. No variable compensation; we believe in paying well and predictably.
  • Fully remote role, based in Germany, with flexibility on working hours (some overlap with European business hours required).
  • A steady stream of new, unlaunched projects to review — no two weeks look the same.
  • Direct influence on which projects we launch. Your "no" is a real "no".
  • Time and budget for continued learning: conferences, tools, research, whatever sharpens your edge.
  • A long-term, stable role with a company that values loyalty and invests in the people who build it.
How to Apply

Send your CV. We review every application and will follow up with a short set of screening questions. Promising candidates are invited to a full interview where we discuss experience and fit in depth.

  • Welcome to Zero2Launch.
