Senior Application Security Engineer - Web 3

Job Description

BitGo, a leading infrastructure provider of digital asset solutions, is seeking a Senior Application Security Engineer - Web 3 to enhance its application security practices. The candidate will focus on preventing and detecting vulnerabilities, emphasizing quality and automation. This role involves working during regular business hours with the local team, with occasional evening meetings.BitGo is looking for someone to:

• Build and secure scalable backend APIs, libraries, and services for custody, staking, and tokenization
• Perform architectural reviews and threat modeling across full-stack systems
• Implement and maintain static/dynamic analysis pipelines for Web3 apps
• Review smart contracts and dApp integrations (frontend, backend, Web3 layers)
• Write and deploy security tooling (e.g., Slither, Foundry fuzzers, Semgrep, CodeQL)
• Partner with product and DevOps teams to integrate security throughout the SDLC
• Monitor evolving blockchain attack vectors (MEV, oracle abuse, signature replay, etc.)
• Drive the remediation of security issues and contribute to postmortems and mitigations

BitGo requires:

• 5+ years in backend engineering, application security, or product security
• Proficiency in TypeScript/Node.js, Python, SQL, and React
• Experience building secure APIs, services, or distributed systems
• Familiarity with authentication/signature schemes (OAuth2, HMAC, EIP-712)
• Strong security fundamentals — from vulnerability triage to defense-in-depth
• Git-based workflows, CI/CD, code reviews, and test automation

BitGo offers:

• Competitive salary
• IT equipment support for work
• Meal & Commute allowance
• Medical Insurance
• Attractive Well-being allowance (comprises of medical, wellness and fitness aspects)
• Snacks: on-the-house in the Bangalore office