Senior Application & Web3 Security Engineer

KGEN

Bengaluru, Karnataka, India

Posted on Apr 30, 2026

About KGeN

KGeN is building the Verified Distribution Protocol (VeriFi) for AI, DeFi, and Gaming - built on real users and real commerce to accelerate growth for projects across these industries.

Since its founding by global leaders in the consumer and gaming sectors, KGeN has grown to become the dominant growth engine in the Global South. With 45.7 million users, 6.7 million monthly active users, and $64 million in annualized revenue, KGeN delivers verified user acquisition, on-chain loyalty programs, and decentralized storefronts via POGE, its identity and reputation framework, and a global clan network spanning more than 60 countries.

EXPERIENCE BAR

  • 7–10 years total in security engineering or application security
  • 3–5 years hands-on, independent smart contract audits or Web3 security reviews
  • Demonstrated track record: public audit reports, CVEs, bug bounty payouts, or verifiable internal findings

We will ask you to walk us through:

  • A smart contract audit you led — independently
  • A critical or high-severity vulnerability you found in a production system
  • A security program you built that outlasted your own involvement

If you cannot speak concretely to all three, this role is likely not the right fit yet.

WHAT YOU WILL OWN

This is an IC role with direct ownership — not a support function.

Smart Contract & Web3 Security

  • Lead audits of Solidity and/or Rust smart contracts — independently
  • Identify reentrancy, access control flaws, oracle manipulation, flash loan vectors, and composability risks
  • Own wallet architecture security, private key management, and RPC node hardening
  • Define the threat model for new on-chain features before they ship

Application Security

  • Own security reviews across APIs, backend services, and financial data systems
  • Drive threat modeling using STRIDE at the design stage — not after code ships
  • Identify logic flaws, broken auth, injection, and privilege escalation

Secure SDLC & DevSecOps

  • Design and enforce SAST/DAST tooling in CI/CD (GitHub/GitLab) — not just recommend it
  • Set secure coding standards across engineering squads
  • Own secrets management, dependency hygiene, and supply chain security

Detection & Monitoring

  • Build detection engineering for on-chain and app-layer attack patterns
  • Integrate findings into SIEM with actionable alerting and runbooks
  • Tune Cloudflare WAF for production-grade protection

REQUIRED

  • 7–10 years in application security or security engineering
  • 3–5 years independent smart contract audits or Web3 security
  • Proven findings: CVEs, public audit reports, or bug bounty payouts
  • Deep grasp of EVM architecture, wallet security, and private key management at scale
  • Experience in DeFi protocol risk, TradFi, or fintech financial system security
  • SAST/DAST in CI/CD — implemented and enforced, not just evaluated
  • STRIDE threat modeling on greenfield systems

PREFERRED

  • Public reports on Code4rena / Sherlock / Immunefi with documented findings
  • Prior security lead or staff engineer role at a crypto / DeFi / blockchain company
  • Red team or offensive security background
  • Solana (Rust) experience in addition to EVM

OUR STACK

  • Chains: EVM-compatible (primary) · Solidity in production
  • Infra: Cloudflare WAF · RPC nodes · Wallet systems · On-chain identity (POGE)
  • Engineering: GitHub/GitLab CI · Secrets management · SAST/DAST tooling