Protocol Security Engineer

Morpho
FR
Remote

Who this role is best for

Geared toward senior security engineers comfortable with formal verification and bug bounty programs in the DeFi lending space, with a preference for remote work within specific time zones.

Best fit for

  • Senior smart contract auditors with formal verification expertise
    — “3+ years of experience in smart contracts auditing
  • Security researchers who thrive in fast-moving, remote-first environments
    — “navigating uncertainty is part of the job

Things to consider

  • Must be available during -5h GMT to +2h GMT time zones
    — “remote (from -5h GMT up to +2h GMT
  • Requires autonomous ownership of security domains
    — “take full ownership of security domains

How to stand out

  • Highlight specific instances where you identified critical smart contract vulnerabilities
    — “Proven track record of identifying critical vulnerabilities in smart contracts
  • Demonstrate experience with Certora or similar formal verification tools
    — “Implement formal verification rules using Certora
  • Showcase contributions to bug bounty programs or security research publications
    — “Publication record in applied cryptography, security, or related domains
Pace · Fast PacedCollaboration · HighAutonomy · HighDecision Impact · TeamLevel · Senior

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • Implement formal verification rules
  • Conduct comprehensive security reviews
Typical background
Masters or PhD in Computer Science or related fieldExperience in blockchain and smart contract security

Skills & requirements

Required

Smart ContractsFormal VerificationSecurity ReviewsBug Bounty Programs

Preferred

Decentralized Finance (defi)Certora

Stack & domain

CertoraSmart ContractsFormal VerificationSecurity ReviewsBug Bounty ProgramsDecentralized FinanceDefiLending Protocol

About the role

As a Protocol Security Engineer at Morpho, you'll be tasked with enhancing the security of smart contracts through formal verification and security reviews, ensuring that the DeFi lending protocol operates without vulnerabilities. This role is ideal for someone who not only excels in technical security but also thrives in a collaborative, fast-paced environment where clear communication is key.

Original posting from Morpho via Ashby

About Morpho

Morpho is a leading Decentralized Finance (DeFi) lending protocol that raised $70 million from Ribbit Capital, a16z crypto, Coinbase Ventures, Variant, Brevan Howard, Pantera, Blocktower, and 50 others to build an open lending network giving anyone, anywhere, access to the best possible terms. Morpho is experiencing explosive growth, with over $10 billion in deposits on the network, solidifying itself as the new standard for DeFi lending. Now, Morpho is scaling its team of contributors to establish itself as a cornerstone, not just of DeFi, but of a new internet-native financial system.

Our Mission

Morpho’s mission is to power human ambition with open access to capital. Human ambition has no borders, but the capital to fuel it does. Today’s financial system is closed and fragmented. No one sees all opportunities, most overpay, and some are excluded entirely. We believe capital should flow efficiently to where it’s needed most — giving anyone, anywhere, access to the best possible terms.

Location

Paris or remote (from -5h GMT up to +2h GMT to ensure sufficient overlap with the rest of the team).

How we work

We move fast on hard problems in a nascent market with no set playbook : navigating uncertainty is part of the job. You’ll be challenged: anyone can question work and decisions must be justified. We keep a high bar and match it with high support: we help each other unblock and share context openly, with low ego. More about our values: morpho.org/jobs http://morpho.org/jobs.

Role

The mission of this role is to ensure the security and robustness of Morpho's smart contracts by conducting formal verification, security reviews, and managing bug bounty programs to ship safer protocols and reduce audit cycle times.

Responsibilities

  • Implement formal verification rules using Certora on Morpho smart contracts to validate critical invariants and reduce vulnerabilities before deployment.
  • Conduct comprehensive security reviews of protocol smart contracts to identify critical bugs and strengthen the attack surface before audits.
  • Own the bug bounty program by triaging submissions, communicating with security researchers, and coordinating response to critical findings.
  • Build periphery smart contracts that integrate with the core protocol to extend functionality while maintaining security standards.
  • Research emerging attack vectors and new vulnerability classes to keep the team ahead of threats and inform security best practices.
  • Represent Morpho's security approach at conferences, meetups, and through published research to build credibility in the security community.

What Success Looks Like

In your first 30 days

You will gain a solid understanding of Morpho v1 and vault v2 architecture, and implement initial formal verification rules using Certora on Vault/Market V2 contracts.

By Month 4–6

You will have complete understanding of Morpho v1 and v2, autonomously formulate and implement the most important contract invariants and own triage and validation of our smart contract bug bounty program.

By Month 12

You will have made meaningful security contributions that increase robustness and reduce attack surface, identified new attack vectors, and distilled security best practices that the entire Protocol team relies on.

Competencies & Traits

Adaptability

You thrive in a fast-moving, remote-first environment where protocol priorities and timelines shift based on research findings and ecosystem developments.

Clear Communication

You excel at async communication through Slack and meetings, articulating complex security concepts clearly to help the team make progress through discussion and collaboration.

Ownership & Autonomy

You take full ownership of security domains, make decisions independently, and drive work forward without waiting for direction.

Low Ego & Team-First Mindset

You prioritize mission over personal goals, share credit transparently, and view security as a collective responsibility rather than individual heroics.

Critical Thinking & Curiosity

You challenge assumptions, provide constructive feedback, and continuously research new methods to stay ahead of emerging threats.

Must-have Experience & Skills

  • Master's degree in Computer Science, Cybersecurity, Software Engineering, or a related field
  • 3+ years of experience in smart contracts auditing
  • Proven track record of identifying critical vulnerabilities in smart contracts
  • Extensive knowledge of Ethereum Virtual Machine, Solidity and the blockchain ecosystem
  • Excellent written and verbal communication skills
  • Interest in DeFi and lending protocols
  • Low ego and collaborative mindset

Nice to Have

  • Experience with bug bounty programs and platforms, including triage, validation, and researcher communication
  • Experience writing smart contracts securing significant TVL
  • Publication record in applied cryptography, security, or related domains

Perks & benefits:

We design benefits around deep work and growth, so you can do the best work of your career. Expect fair, top-tier compensation, real flexibility, time together in Paris, great health coverage, and support to keep learning.

Equal opportunity

We welcome applicants from all backgrounds and hire based on talent, potential, and values alignment.

Ready to shape the future of finance?

Source: Morpho careers (Ashby)

Similar roles