Web3 Security Triager (AuditAgent & AgentArena)

What we're building

Nethermind is building an AI-driven security product line that helps protocols and developers find vulnerabilities earlier, cheaper, and faster:

AuditAgent: AI-assisted smart contract vulnerability detection and insight generation for pre-audits and security workflows.

AgentArena: a platform where multiple independent audit agents run in parallel, with an arbiter/triage layer to deduplicate findings and score severity fairly.

This role is critical to our quality layer: you will validate AI-generated findings, filter out false positives, and ensure customers receive high-signal, actionable security insights.

What we need

A hands-on Web3 Security Triager who can evaluate smart contract vulnerabilities found by AI systems, participate in public audit competitions, and help improve our detection quality over time.

You'll work closely with:

• Product and engineering teams building AuditAgent and AgentArena

• Security researchers and auditors at Nethermind Security

• External protocols and audit competition platforms (Code4rena, Sherlock, Cantina, etc.)
  

Role & Responsibilities

1) Triage AI-generated findings (AgentArena)

• Review and validate vulnerability reports generated by AI agents

• Filter false positives to ensure customers receive only high-quality, actionable findings

• Classify severity and provide clear reasoning for each decision

• Maintain fast turnaround without sacrificing accuracy
  

2) Run AuditAgent in public audit competitions

• Execute AuditAgent on live contests (Code4rena, Sherlock, Cantina, and similar platforms)

• Triage the output: validate real bugs, discard noise

• Write Proof of Concept (PoC) code for valid findings using AI coding tools

• Submit validated findings and track results to measure tool performance
  

3) Improve detection quality through feedback

• Share insights with the product and engineering team on common false positive patterns

• Propose new triage strategies, automation ideas, and process improvements

• Help build internal benchmarks and quality metrics based on real-world results
  

4) Document and communicate results (nice to have)

• Write internal reports summarizing competition outcomes and tool performance

• Contribute to public content (blog posts, case studies) showcasing AuditAgent/AgentArena capabilities

Requirements

• Solid understanding of Web3 security: common vulnerability classes in smart contracts (reentrancy, access control, oracle manipulation, etc.)

• Proficiency in Solidity: ability to read, understand, and reason about contract logic and potential exploits

• Proficiency with AI coding tools: hands-on experience with tools like Cursor, Claude Code, or similar — you should already be using AI to accelerate your workflow

• Ability to write PoC exploits: demonstrate valid bugs with working proof-of-concept code (using AI assistance is expected and encouraged)

• Strong attention to detail: triage requires careful analysis and clear severity reasoning

• Proactive and creative mindset: you'll be expected to suggest improvements, not just execute tasks
  

Nice to have

• Experience with Solana / Rust smart contract security

• Prior participation in audit competitions (Code4rena, Sherlock, Immunefi, etc.)

• Background in security research or junior auditing roles

• Writing skills: ability to clearly document findings or write public-facing content

• Familiarity with common security tools (Slither, Foundry, etc.)

Working model

• Remote-first, globally distributed team.