Application Security Engineer at Polymarket · Web3Vacancy
Jobs Companies Pricing Blog About Contact
For Recruiters
Live · Updated daily

Web3 Jobs & Crypto Jobs Where crypto teams hire. Where builders get found.

The #1 crypto-native job board for web3 jobs, crypto jobs & blockchain vacancies. Every role in the ecosystem — dev, design, marketing & more. Remote-first at top protocols, DAOs & companies.

500+Open Jobs
680+Companies
$180kAvg Salary
94%Remote Roles
Hiring in web3? Post a vacancy or search 5,000+ vetted crypto-native builders and reach out directly.
Analysing Your CV...
Extracting your experience, skills, and details...

Latest Crypto Job Vacancies

10 jobs found
No longer accepting applicationsThis role at Polymarket has closed. Browse live web3 jobs instead.

Application Security Engineer

Office
Market range (est.) $90k–$180k
◆ 7/10 cryptodevsecurityweb3
Join Talent Pool
Get Discovered

No applications. Teams find and message you directly.

Drop your CV. web3 teams find you.
AI builds your profile in 60 seconds · PDF · drag or click
Upload CV
3-5d avg. to first message · 320+ hires made
No account needed. Teams find you and reach out directly.
5,000+ web3 builders in the pool
About this role

Join Polymarket as an Application Security Engineer to enhance security in our software development lifecycle. Collaborate with teams to identify vulnerabilities and lead security assessments for our platform.

Description

About Polymarket

Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future. We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.
Responsibilities

What You'll Do

  • Own the application security program across the SDLC — from design review through deployment — ensuring security is addressed early and consistently
  • Conduct threat modeling on new features and architectural changes; perform security design reviews and code reviews on high-risk changes with specific, actionable findings
  • Own the SAST, DAST, and SCA toolchain — selection, deployment, tuning, and CI/CD integration so findings surface at commit time, not post-deployment
  • Triage and prioritize automated scanner output, delivering a risk-ranked backlog rather than raw tool output to engineering teams
  • Conduct manual penetration testing and security assessments of web applications, APIs, and internal services — with particular focus on authentication, authorization, and financial transaction flows
  • Manage the external penetration testing program and own the bug bounty program end-to-end: triage, severity calibration, researcher communication, and payout coordination
  • Track and drive remediation of application-layer vulnerabilities across the product portfolio; monitor CVEs and escalate exploitable issues requiring immediate action
  • Develop and maintain secure coding guidelines and developer-facing security education tailored to the team's stack and threat model
Requirements

What We're Looking For

  • 3+ years of hands-on application security experience — penetration testing, secure code review, or a dedicated AppSec engineering role
  • Strong proficiency identifying and exploiting OWASP Top 10 vulnerabilities; experience assessing modern web applications and API architectures
  • Experience deploying and operating SAST, DAST, and SCA tooling (Semgrep, Snyk, Burp Suite, or equivalent)
  • Ability to read and write code in at least one common backend language (Python, Go, TypeScript, or similar) to conduct meaningful code review
  • Experience conducting or managing penetration tests against web applications and REST/GraphQL APIs
  • Solid understanding of authentication and authorization patterns: OAuth 2.0, JWT, session management, RBAC, and common weaknesses in each
  • Clear written communication — able to write findings that developers actually read and act on
  • (Plus) Experience with a bug bounty platform (HackerOne, Bugcrowd, or equivalent) as an operator
  • (Plus) Familiarity with smart contract security, blockchain transaction flows, or Web3 threat models
  • (Plus) Experience securing financial transaction systems — payment flows, fraud vectors, double-spend risks
  • (Plus) Security certifications: OSCP, GWAPT, GWEB, or equivalent
  • (Plus) Exposure to AWS application-layer security services: WAF, API Gateway, Cognito, Shield
  • (Plus) Prior experience building or scaling a security champions program inside an engineering organization
Conditions & Benefits

Benefits

  • Competitive salary & equity
  • Unlimited PTO
  • Full Health, Vision, & Dental coverage
  • 401k match
  • Hardware setup: new MacBook Pro, big display, & accessories
Job Details
Market range (est.)$90k–$180k
LocationOffice
AI Score★★★★★★★☆☆☆ 7/10
PostedMay 20, 2026 (53d ago)
Tags & Skills
cryptodevsecurityweb3Otheroffice
Tech Stack
application securitypenetration testingsecure code reviewSASTDASTSCAPythonGoTypeScriptOAuth 2.0JWTRBACAWS

Similar Web3 Jobs

Browse Crypto Job Vacancies

The #1 Web3 Job Board for Crypto Jobs & Blockchain Careers

Web3Vacancy is the leading web3 job board for blockchain developers, DeFi engineers, smart contract auditors, NFT product managers, DAO operators, ZK researchers, and Web3 growth leads. We aggregate 2,400+ remote-first crypto jobs from top protocols, decentralized exchanges, layer-2 networks, AI-blockchain startups, and Web3 studios worldwide. Whether you are hiring or looking for your next blockchain job, Web3Vacancy is the go-to job board for the decentralized economy.

Find web3 jobs across every skill level and specialization. Solidity developers, Rust engineers, Move programmers, ZK circuit engineers, tokenomics designers, crypto legal counsel, Web3 community managers, and blockchain data analysts all find their next role here. New crypto job listings are added daily across Ethereum, Solana, Polygon, Arbitrum, Base, Cosmos, Sui, Aptos, and every emerging blockchain ecosystem.

Looking to start a web3 career? Explore our guides on web3 salaries, blockchain interview questions, and the top web3 companies hiring in 2026. New to blockchain? Start with our What Is Web3 guide and learn web3 development from scratch. Employers can post a web3 job or browse our web3 talent pool to hire blockchain developers directly.