Smart Contract Developer (Security Engineer) Headline

Perpetuals Group is seeking an experienced project-based Smart Contract Security Engineer / Solidity and Solana Auditor to support the design, review, testing, security audit, and penetration testing of regulated blockchain-based asset contracts. The primary focus is on Ethereum/Solidity and Solana/Rust, with other blockchain ecosystems considered a benefit.

The project involves tokenized financial instruments and regulated digital assets, including ERC-20 tokens and ERC-3643/T-REX permissioned token designs. This is not a generic blockchain developer role: the ideal candidate can think like a developer, auditor, and adversarial security tester, writing and reviewing production-grade smart contracts, building automated test suites, identifying vulnerabilities, challenging the architecture, and documenting findings clearly for both technical and non-technical stakeholders.

• Review and improve Solidity smart contracts for Ethereum/EVM-based deployments.
• Review and improve Solana programs written in Rust, preferably using Anchor.
• Assess regulated token logic, including ERC-20 and ERC-3643/T-REX permissioned designs.
• Review and test minting, burning, pausing, blacklisting, freezing, whitelisting, KYC-gated transfers, forced transfers, confiscation/destruction, upgradeability, deprecation, and migration logic.
• Identify risks in role-based permissions, owner privileges, admin keys, multisig controls, and emergency functions.
• Perform manual code review, static analysis, fuzz testing, invariant testing, negative-path testing, and exploit scenario modeling.
• Prepare clear security audit reports and provide recommendations for secure deployment, admin controls, multisig usage, monitoring, and incident response.

• Strong professional experience with Solidity development and smart contract security reviews.
• Understanding of Ethereum/EVM token standards and security patterns: ERC-20, ERC-3643 or comparable permissioned tokens, OpenZeppelin, Ownable and AccessControl, pausable contracts, upgradeable proxies, allowance handling, storage layout safety, and transfer-restriction logic.
• Practical Solana experience: Rust-based programs, Anchor, SPL tokens, Token-2022, transfer hooks, program-derived addresses, account/signer/ownership validation, authority management, and cross-program invocation risks.
• Strong understanding of blockchain security risks including reentrancy, access-control failures, authorization bypasses, broken compliance checks, upgradeability flaws, storage collisions, integer/logic errors, DoS vectors, account-substitution attacks, and incorrect PDA derivation.
• Beneficial: experience with other ecosystems (Polygon, Arbitrum, Base, Avalanche, BNB Chain, Tron, Stellar, Cosmos), RWAs, stablecoins, tokenized securities, custody systems, Safe multisig, formal verification, symbolic execution, and incident response.

This is a project-based engagement. Expected deliverables include reviewed and improved Ethereum/Solidity contract templates, reviewed Solana/Rust program architecture, an automated test suite or coverage recommendations, a security audit report with findings and severity ratings, a threat model, a deployment and upgrade checklist, admin-key and multisig recommendations, and a retest report confirming remediation. The candidate should be available for technical review sessions with engineering leadership. Compensation was listed only as an estimated range on the source job board, so no employer-stated salary is recorded here.