All Open Roles
SecurityFull-time · Remote

Protocol Security Researcher

Find every way an AI agent can break our spending rules before attackers do.

Nomiqon's core promise is that spending policies are enforced — always. Your mission is to ensure that promise is cryptographically, programmatically, and economically unbreakable. You will conduct deep research into the attack surfaces of our spending enforcement layer, model adversarial AI agent behavior, audit our Solana programs, and establish the security posture of the entire platform. This is a role for a researcher who thinks like an attacker and builds like an engineer.

What You'll Do

  • Continuously audit Nomiqon's spending enforcement layer for cryptographic, logical, and economic vulnerabilities
  • Model adversarial AI agent scenarios — prompt injection attacks that target financial controls, rogue agent behavior, and policy bypass patterns
  • Conduct thorough security reviews of all Solana programs and off-chain enforcement components before deployment
  • Design and run fuzzing campaigns, property-based tests, and formal verification proofs against critical spending policy logic
  • Build an internal security testing framework that enables continuous, automated regression testing of all spending enforcement invariants
  • Lead external security audits, coordinate with third-party auditing firms, and publish security research that builds community trust
  • Establish Nomiqon's responsible disclosure program and bug bounty infrastructure

What We Need

  • 5+ years of security research experience, ideally with a focus on financial or cryptographic systems
  • Deep expertise in smart contract auditing, Solana program security, or blockchain protocol security
  • Hands-on experience with fuzzing frameworks (e.g., AFL++, libFuzzer, Echidna) and formal verification tools (e.g., Certora, Halmos)
  • Strong understanding of common attack vectors in DeFi — reentrancy, oracle manipulation, front-running, economic attacks
  • Ability to model adversarial AI behavior and reason about novel attack surfaces that don't yet have established playbooks
  • Track record of published CVEs, security audit reports, or contributions to major bug bounty programs

Nice to Have

  • Prior experience auditing financial infrastructure systems (banking, payments, custodial crypto)
  • Research background in adversarial machine learning or AI safety
  • Experience building internal security tooling for continuous monitoring of production financial systems

Questions? careers@nomiqon.com