Berachain is a high-performance EVM-identical Layer 1 blockchain built on the novel Beaconkit framework, leveraging its unique Proof-of-Liquidity (PoL) consensus to accelerate applications and reward users. PoL routes Berachain’s block rewards to the users of applications building in the ecosystem; investing the chain’s native incentives into liquidity, activity, and other unique growth drivers on the network.

Berachain has raised over $100M from leading digital asset investors including Brevan Howard, Framework Ventures, Polychain Capital, Hack VC, Tribe Capital, Samsung Next, Laser Digital by Nomura, and many others.

Berachain’s mainnet was launched in Feb 2025. As of June 2025, it stands as a top 10 L1 by TVL, and one of the only L1 ecosystems with a means of returning value to its tokenholders through Proof of Liquidity. The native ecosystem consists of dozens of teams across DeFi, DePIN, RWAFi, consumer crypto, gaming, AI and more, with corporate partners including some of the world’s largest brands in sports, entertainment, and payments

Role Overview

We are looking for a strong Application Security Engineer, preferably with crypto / web3 experience.

As a Staff Application Security Engineer, you will own the security of the Web2 / off-chain part of our crypto tech stack, including frontend and backend code, with a constant focus on crypto-specific security risks.

Reporting to the CISO, this role is a generalist security engineering role with an AppSec focus, working closely on other security projects on an as-needed basis, including but not limited to optimizing existing monitoring tooling, performing IR, working closely with the IT team, etc.

Because this role will lead and train junior frontend developers in secure coding practices, excellent communication skills and reasonable EQ are a non-negotiable prerequisite for this role.

Requirements

Minimum five (5) years of experience as a security engineer
Minimum two (2) years of experience as a developer
Thorough knowledge of the OWASP Top 10
Experience with multiple SAST / SCA tools
Deep knowledge of the NodeJS ecosystem and its associated security risks (e.g. dependency security risks)
Knowledge of Typescript
Minimum two (2) years of working with k8s
Offensive / adversarial security mindset
Strong communication skills

Desirable knowledge

Minimum 1-2 years in crypto / web3
SIEM experience, preferably something other than Splunk
AWS or GCP experience highly desirable
experience writing custom rules for Semgrep
Experience with MPC
Experience with HSMs
Experience with TEEs

Why Join Us:

Work with a passionate and experienced team on the forefront of blockchain technology.
Opportunity to make a significant impact in a rapidly growing industry.
Competitive salary and equity compensation.
Flexible working environment with opportunities for remote work.
Professional growth and development opportunities through mentorship and collaboration with industry experts.

If you are excited about the future of decentralized finance and want to be part of a team building the infrastructure to support it, we would love to hear from you. Apply today and join us in building the future of blockchain technology.