Director, Cybersecurity Blockchain Security Auditor

Job Description:

Emerging technologies and digital assets are being adopted at an ever-increasing pace. Fidelity is investing in a number of projects in this space. The mission of the Emerging Technology Cybersecurity Assessment Team is to protect Fidelity's assets and our customers' livelihoods from the threat of exploitation by malicious adversaries. We do this by proactively helping developers to identify vulnerabilities in our systems and serving as subject matter experts to enable the business units to mitigate them in a positive, collaborative, innovative manner. This is done by providing training and tooling to teams to enable them to seamlessly integrate security into all stages of the development pipeline.

We are seeking an experienced and visionary security blockchain auditor to join our organization's efforts in securing the blockchain and crypto projects. The ideal candidate will be an expert in Ethereum & Solidity and will have significant experience with other blockchain platforms such as Rust & Solana. They would have work experience as a blockchain security auditor for a year or more. Experience in other emerging technologies would be beneficial but not required for this role (ie: AI security, multi-user platforms and gaming, software bots, social media). The candidate should preferably have a deep understanding of the crypto security landscape and be well-versed in the latest technologies, threats, and countermeasures. This is a high-visibility role that requires strong technical expertise, strategic thinking, and collaboration with cross-functional teams. This is an individual contributor role.

• We aspire to be a best-in-class Emerging Technology Cybersecurity Assessment team, with fully engaged, passionate members.
• Producing high-quality work in a consistent, effective, efficient, customer-oriented manner.
• Providing competitive advantage to the firm and serving as a differentiator in the marketplace.
• Serving as a role model for others across the Enterprise and wider industry.
• Driving advancement and research in the cybersecurity space.

• Join a highly skilled team of subject matter experts to enable the development community to build secure emerging technologies
• Develop and implement comprehensive cybersecurity strategies to protect our organization's emerging technology platforms, including blockchain, AI, software bots, multi-user platforms
• Perform security reviews smart contracts and provide expert guidance on security best practices
• Collaborate with development teams to ensure the secure development and deployment of blockchain-based applications
• Stay up to date with the latest advancements in emerging technologies, including:
• Blockchain, generative AI, software bots, and multi-user platforms
• Games, social media applications, and other online platforms
• Research, develop and document, technical guidance and best practices for emerging technologies
• Monitor published vulnerabilities in emerging technologies and provide leadership on the impact of those vulnerabilities and guidance on how to remediate them
• Design and develop training material for new technologies to help them avoid common security issues
• Partner with other teams within Enterprise Cybersecurity to improve the overall security of Fidelity's detective capabilities, applications, and infrastructure

• Bachelor's degree in computer science, Cybersecurity, or analytical field; advanced degree preferred
• Smart contract security audit experience
• 8+ years of experience in emerging technologies
• Demonstrated experience in smart contract assessments such as:
• In-depth knowledge of common libraries, templates, and protocols (e.g., OpenZeppelin, Web3.js)
• Proficiency in testing methodologies, including unit testing, property-based testing, dynamic testing, and fuzzing (e.g., Truffle, Ethers.js)
• Familiarity with monitoring tools, alerts, and logging mechanisms
• Experience with development platforms like Hardhat, Foundry, or Forge
• Understanding of crypto audit operations and security requirements
• Expert level knowledge with cryptocurrency and blockchain technologies such as:
• Key sharding algorithms and MPC
• Key lifecycle management and digital wallet security
• Secure storage, transfer, and exchange of digital assets
• Custody platforms such as Fireblocks
• Expert level knowledge in the following:
• Programming languages such as Solidity, Rust, and Python
• Ethereum, Solana, Avalanche, and other blockchain platforms
• DeFi operations, staking, node operations, tokenization, and ERC-20 standards

• Experience / familiarity with following is preferred:
• Generative AI, software bots, multi-user platforms and games, social media applications
• Experience with security testing, vulnerability assessment, penetration testing, cloud security platforms (e.g., AWS, Azure)
• Excellent communication and collaboration skills, with the ability to work with cross-functional teams
• Strong strategic thinking and problem-solving skills, with the ability to develop and implement comprehensive cybersecurity strategies
• Highly motivated with the willingness to take ownership / responsibility for your work and the ability to work alone or as part of a team