Web3 Security Triager (AuditAgent & AgentArena)

What we’re building

Nethermind is building an AI-driven security product line that helps protocols and developers find vulnerabilities earlier, cheaper, and faster:

AuditAgent: AI-assisted smart contract vulnerability detection and insight generation for pre-audits and security workflows.

AgentArena: a platform where multiple independent audit agents run in parallel, with an arbiter/triage layer to deduplicate findings and score severity fairly.

This role is critical to our quality layer: you will validate AI-generated findings, filter out false positives, and ensure customers receive high-signal, actionable security insights.

What we need

A hands-on Web3 Security Triager who can evaluate smart contract vulnerabilities found by AI systems, participate in public audit competitions, and help improve our detection quality over time.

You’ll work closely with:

• Product and engineering teams building AuditAgent and AgentArena
• Security researchers and auditors at Nethermind Security
• External protocols and audit competition platforms (Code4rena, Sherlock, Cantina, etc.)

Role & Responsibilities

1. Triage AI-generated findings (AgentArena)

• Review and validate vulnerability reports generated by AI agents
• Filter false positives to ensure customers receive only high-quality, actionable findings
• Classify severity and provide clear reasoning for each decision
• Maintain fast turnaround without sacrificing accuracy

2. Run AuditAgent in public audit competitions

• Execute AuditAgent on live contests (Code4rena, Sherlock, Cantina, and similar platforms)
• Triage the output: validate real bugs, discard noise
• Write Proof of Concept (PoC) code for valid findings using AI coding tools
• Submit validated findings and track results to measure tool performance

3. Improve detection quality through feedback

• Share insights with the product and engineering team on common false positive patterns
• Propose new triage strategies, automation ideas, and process improvements
• Help build internal benchmarks and quality metrics based on real-world results

4. Document and communicate results (nice to have)

• Write internal reports summarizing competition outcomes and tool performance
• Contribute to public content (blog posts, case studies) showcasing AuditAgent/AgentArena capabilities

Requirements

• Solid understanding of Web3 security: common vulnerability classes in smart contracts (reentrancy, access control, oracle manipulation, etc.)
• Proficiency in Solidity: ability to read, understand, and reason about contract logic and potential exploits
• Proficiency with AI coding tools: hands-on experience with tools like Cursor, Claude Code, or similar — you should already be using AI to accelerate your workflow
• Ability to write PoC exploits: demonstrate valid bugs with working proof-of-concept code (using AI assistance is expected and encouraged)
• Strong attention to detail: triage requires careful analysis and clear severity reasoning
• Proactive and creative mindset: you’ll be expected to suggest improvements, not just execute tasks

Nice to have

• Experience with Solana / Rust smart contract security
• Prior participation in audit competitions (Code4rena, Sherlock, Immunefi, etc.)
• Background in security research or junior auditing roles
• Writing skills: ability to clearly document findings or write public-facing content
• Familiarity with common security tools (Slither, Foundry, etc.)

Working model

• Remote-first, globally distributed team.