Movement Labs

Security Engineer

US · Full-time · Posted May 4, 2026

About Move Industries

Move Industries is building the People’s Chain, a Move-based Layer 1 blockchain, and a diverse ecosystem that empowers talented builders to create the future of finance, infrastructure, and real-world value on chain. As a core contributor to the Movement Network, we combine deep protocol engineering with open community governance, returning blockchain to its roots by giving financial power, access and opportunity back to the people.


Our Mission

Our mission is to fuel the next generation of secure, expressive, and high-performance blockchain applications through the Move programming language and scalable distributed systems. You will help unlock massive throughput, low latency, and resilience across consensus, data availability, and privacy - the invisible rails that make an open and decentralized future possible.


The Role

We are seeking a Security Engineer to join our core engineering team.

This is a hands-on offensive and defensive role. You will audit Move modules and protocol code, build tooling that finds bugs before attackers do, and own the security posture of a production Layer 1. You will work directly with protocol, runtime, and consensus engineers - and with external auditors and the broader Move security community - to make the People’s Chain one of the hardest targets in crypto.

This is not a checklist-driven compliance role. This is an adversarial systems engineering role with end-to-end ownership of how the network survives contact with sophisticated, well-funded attackers.


What You’ll Do

  • Audit Move modules, protocol code (Solidity, Rust), and consensus/networking layers for vulnerabilities before they ship

  • Design and build security tooling: fuzzers, invariant tests, static analyzers, formal specifications, and runtime monitoring

  • Drive formal verification efforts using the Move Prover; write specifications for critical modules (token, staking, governance, bridge)

  • Threat-model the protocol end-to-end - consensus, execution, data availability, bridges, RPC, validator infrastructure

  • Use AI adequately to scale code review, vulnerability triage, and exploit-pattern detection across the codebase

  • Own the bug bounty program and triage external reports; turn findings into engineering fixes and regression tests

  • Lead security incident response, root cause analysis, post-mortems, and disclosure coordination

  • Partner with engineering teams to shift security left: secure-by-default APIs, code review standards, threat models attached to every design doc

  • Engage with the external security community - auditors, researchers, white-hats - and contribute back to the Move ecosystem

  • Stay ahead of the threat landscape: bridge exploits, MEV, signature malleability, oracle manipulation, governance attacks, validator collusion

What We’re Looking For

  • Track record of finding real vulnerabilities - public audit reports, CVEs, bug bounty wins, original security research, or notable CTF results

  • Strong code-level security skills: you can read a Move module or a Solidity codebase and instinctively spot the dangerous path

  • Deep understanding of at least one smart contract VM (Move, EVM, SVM) and the classes of bugs each enables

  • Comfort writing real code (Move, Solidity, Rust, Python) to build security tooling - not just consume it

  • Strong understanding of:

    • Smart contract vulnerability classes: access control, reentrancy and Move-equivalents, oracle manipulation, MEV, signature replay, arithmetic edge cases, upgrade hazards

    • Consensus security and BFT failure modes

    • Cryptographic primitives (signatures, hashes, ZK basics) and where they go wrong in practice

    • Bridge and cross-chain security

  • Adversarial mindset: you assume the protocol will be attacked by sophisticated, well-funded adversaries on day one

  • Bias toward tooling and automation: find one bug manually, then write the tool that finds the next ten

Preferred Qualifications

  • Experience auditing or building Move smart contracts (Aptos, Sui, or similar)

  • Experience with formal verification - Move Prover, Certora, K Framework, Coq, Lean, or similar

  • Experience with fuzzing and invariant testing frameworks (Echidna, Foundry, Medusa, libFuzzer, AFL)

  • Prior experience at a top audit firm (Trail of Bits, OpenZeppelin, ChainSecurity, Spearbit, Cantina, Zellic, Sigma Prime) or in-house security at a major L1/L2

  • Familiarity with EVM internals, Solidity, or Rust-based VMs (CosmWasm, Solana programs)

  • Published security research, conference talks, or significant open-source security tooling

  • Experience running or contributing to bug bounty programs at scale (Immunefi, HackerOne, Cantina)

  • Experience with incident response, on-call rotations, and disclosure coordination under pressure

Why Join Us

  • True ownership of security across a production L1 - protocol, runtime, infrastructure, and ecosystem

  • Work directly with protocol and runtime engineers - not as a gate, but as a partner

  • Solve hard problems at the intersection of language design, distributed systems, cryptography, and adversarial engineering

  • Competitive compensation with meaningful upside

  • Defend infrastructure that real applications, real users, and real money depend on

Our Engineering & Ownership Culture

  • Make it live. Then make it better.

  • Keep It Simple Stupid (KISS)

  • Extreme ownership

  • No silos between “dev” and “security”

via jobs.ashbyhq.com
