Founded in 2021 by former Ethereum Foundation Solidity engineers, Spearbit tackles Web3 security challenges. Our founding team built the leading blockchain language and secured the largest smart contract, protecting over $160B in value.
We're building Cantina, the "GitHub for Security", connecting security researchers with projects needing expertise. Our Cantina security platform has powered major competitions and serves the leading projects in Web 3. It currently supports collaborative security reviews, public and private security competitions, bug bounty programs, incident response, and AI code analyzer.
Similar to how cloud-security startups emerged previously, Cantina aims to be the definitive code-security platform for the future.
The Opportunity: We’re looking for a Bug Bounty Triager to join our team. In this role, you’ll be the first line of defense in reviewing vulnerability submissions, ensuring both speed and technical accuracy. Your work will help maintain the integrity of Cantina’s bounty ecosystem, foster trust between projects and whitehats, and raise the bar for security practices across the industry.
What you'll do:Review, reproduce, and validate incoming vulnerability reports across smart contracts, DeFi protocols, and blockchain systems.
Assess severity and impact in the context of each project’s unique architecture and threat model.
Communicate with researchers to clarify missing details and provide constructive feedback on invalid or incomplete submissions.
Write clear and concise summaries for each validated report, including reproduction steps, impact analysis, and recommended mitigations.
Partner with Cantina’s program managers to ensure smooth workflows between security researchers, project teams, and internal stakeholders.
Contribute to the design and continuous improvement of Cantina bounty programs, workflows, and tooling.
Support other Cantina Security services that require triaging expertise.
Serve as a trusted bridge between projects and whitehats, balancing fairness, transparency, and accuracy in outcomes.
Strong foundation in smart contract security, including common vulnerability classes and exploitation techniques.
Ability to read and analyze Solidity and other EVM-compatible languages; familiarity with Rust-based blockchains (e.g., Solana, Substrate) or other blockchain infrastructure.
Experience reviewing code bases, identifying vulnerabilities, and reproducing exploits.
Understanding of DeFi mechanisms (e.g., AMMs, lending protocols, bridges) and ability to quickly learn new protocol designs.
Familiarity with vulnerability disclosure workflows and bug bounty ecosystems.
Excellent written communication: able to explain technical issues clearly, neutrally, and with professionalism to both security engineers and non-technical stakeholders.
Detail-oriented and organized, able to manage a steady flow of incoming reports while maintaining high accuracy.
Competitive salary and performance-based compensation opportunities
Opportunity to work in an early-stage startup with a talented and passionate team
Exposure to high-profile clients in the blockchain and cryptocurrency industry
Comprehensive health, dental and vision benefits
401k matching program
Join Spearbit and help us build the future of code security!
Top Skills
Similar Jobs
What you need to know about the Los Angeles Tech Scene
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
