Senior Application & Web3 Security Engineer

About KGeN

KGeN is building the Verified Distribution Protocol (VeriFi) for AI, DeFi, and Gaming - built on real users and real commerce to accelerate growth for projects across these industries.

Since its founding by global leaders in the consumer and gaming sectors, KGeN has grown to become the dominant growth engine in the Global South. With 45.7 million users, 6.7 million monthly active users, and $64 million in annualized revenue, KGeN delivers verified user acquisition, on-chain loyalty programs, and decentralized storefronts via its POGE, the identity and reputation framework and a global clan network spanning more than 60 countries.

Role Overview

We are hiring a Senior Application & Web3 Security Engineer to secure our application stack, APIs, and blockchain systems. This role is focused on hands-on security engineering, including smart contract reviews, application threat modeling, and DevSecOps automation.

You will work closely with product, backend, and blockchain engineering teams to identify vulnerabilities early and ensure secure system design across both Web2 and Web3 environments.

Key Responsibilities

Smart Contract & Web3 Security

• Conduct security reviews and audits of smart contracts written in Solidity or Rust
• Identify vulnerabilities such as:
• Reentrancy
• Access control flaws
• Oracle manipulation
• Flash loan attacks
• Assess security risks across Web3 infrastructure, including nodes, RPC services, and wallets

Application Security

• Perform security reviews of APIs, backend services, and web applications
• Conduct threat modeling using frameworks such as STRIDE and abuse case analysis
• Identify and remediate vulnerabilities including:
• Injection attacks
• Broken authentication
• Logic flaws
• Privilege escalation

Secure SDLC & DevSecOps

• Implement and maintain SAST and DAST tooling within CI/CD pipelines
• Integrate security testing into GitHub/GitLab workflows
• Improve engineering processes around secure coding practices

Supply Chain & Dependency Security

• Monitor and remediate risks in third-party dependencies and software supply chains
• Implement security checks for open-source dependencies

AI Security & Abuse Prevention

• Assess risks related to AI system abuse, including:
• Prompt injection
• Data leakage
• Model misuse
• Work with engineering teams to implement secure AI integration patterns

Detection & Security Monitoring

• Integrate application security findings into SIEM and monitoring platforms
• Create detections and alerting for application and blockchain attack patterns

Required Qualifications

• 5-10 years of experience in Application Security or Security Engineering
• Hands-on experience performing smart contract security reviews or audits
• Strong understanding of Web3 architecture and blockchain ecosystems
• Deep experience with API security, backend security, and web application vulnerabilities
• Experience implementing SAST / DAST security testing in CI/CD pipelines
• Familiarity with threat modeling methodologies such as STRIDE

Preferred

• Experience participating in bug bounty programs or red team engagements
• Prior experience in crypto, DeFi, or blockchain infrastructure companies

Technical Environment

Security Tooling

• SAST / DAST security tools (final selection TBD)
• Dependency and supply chain security platforms

Infrastructure

• Cloudflare WAF rule tuning and protection strategies
• Web3 infrastructure, including RPC nodes, wallets, and blockchain services

Engineering Platforms

• GitHub / GitLab CI pipelines
• Secrets management systems
• Integration of security events into SIEM platforms

Success in This Role

• Reduce vulnerability exposure across applications and smart contracts
• Establish strong secure development practices across engineering teams
• Improve detection of application and blockchain attack patterns
• Serve as a trusted security partner to product and engineering teams"