Web3 On-Chain Researcher / SOC Analyst
About Certora
Certora is the security assurance partner trusted by the most advanced teams in Web3. Founded in 2018 by pioneers in programming languages and formal methods, Certora helps leading protocols like Lido, Aave, Uniswap, and Compound secure billions in value with confidence.
But we’re not just another auditor. We’re a full-stack security assurance platform, combining best-in-class formal verification tools with expert advisory services, delivered on time and with zero compromise. Whether you’re launching a new protocol, upgrading core infrastructure, or securing a DeFi primitive, Certora doesn’t just look for vulnerabilities. We help you prove correctness, accelerate your development speed, and embed safety into your design from day one.
With Certora, you get:
- Proven, scalable tooling for checking real deployed code
- A deep partnership model with on-demand support
- Fast, responsive execution that helps you go to market faster
For us, security isn’t a checklist, it’s a continuous process. Certora is the most comprehensive and trusted platform to ensure your platform is protected, even under adversarial conditions. From testnet to mainnet, we’re with you.
About the Role
Certora is looking for an experienced SOC Analyst – Web2 Security Operations to join our Security Operations team.
This role is focused on security monitoring, investigation, incident response, and operational improvement across Web2 environments. It is designed for a security professional who can take ownership of security events from initial triage through full investigation and response, while working effectively across internal teams and customer-facing situations.
This role goes beyond alert monitoring and triage. It requires strong investigative capabilities, including event research, enrichment, root-cause analysis, and building a clear operational understanding of incidents across multiple systems and data sources. We are looking for someone with strong Web2 security fundamentals and hands-on experience in SOC operations, detection, and incident response. Familiarity with Web3 security environments is a strong advantage, but not a requirement.
This is a non-shift position. However, availability outside business hours is required in the event of critical incidents.
Key Responsibilities
Perform day-to-day SOC operations, including alert handling, triage, escalation, and response coordination
Lead end-to-end security incident investigations and response activities across Web2 environments
Investigate and analyze security events across SIEM, EDR, cloud, identity, endpoint, and other operational data sources
Conduct deep event research and enrichment to establish context, assess impact, and support decision-making during incidents
Perform root-cause analysis and build a clear operational understanding of incidents across multiple systems and environments
Develop, tune, and optimize detection rules, thresholds, and correlation logic to improve signal quality and reduce false positives
Improve monitoring coverage and operational effectiveness through better alerting, enrichment, and investigation workflows
Produce clear investigation reports, technical findings, and executive-level summaries
Work directly with customers during active security events in a professional and structured manner
Develop and maintain playbooks, runbooks, and operational procedures
Build and maintain automations using scripting, SOAR platforms, and API-based workflows
Contribute to cross-functional security initiatives and continuous improvement of team processes
Support investigations involving Web3-related events when relevant
Fluent English, with the ability to communicate clearly and professionally in both written and verbal form
Mandatory Requirements
3+ years of experience as a SOC Analyst, Incident Responder, or in a similar security operations role
Proven experience handling security incidents end-to-end
Strong hands-on experience in SOC operations, incident response, and security investigations
Strong knowledge of Web2 security fundamentals across endpoint, identity, cloud, and networked environments
Advanced hands-on experience with Splunk or a similar SIEM platform, including:
- writing and tuning detection rules
- parsing and data onboarding
- understanding SIEM architecture
- detection optimization and correlation logic
Experience working with EDR solutions such as SentinelOne, CrowdStrike, Microsoft Defender, or similar
Strong threat hunting and complex query-writing capabilities
Experience analyzing alerts, tuning thresholds, and improving signal quality to reduce false positives
Experience building automations and writing scripts using Python, Bash, and APIs
Experience working directly with customers during security incidents or security operations engagements
Ability to work independently, take ownership, and drive tasks through to completion
Fluent English, with strong written and verbal communication skills
Ability to work effectively in a remote environment while maintaining clear, proactive, and structured communication with the team lead and the rest of the team
Nice to Have
Familiarity with Web3 security investigations, including transaction analysis, wallet activity, smart contract-related incidents, and on-chain context
Experience investigating security events in hybrid Web2 / Web3 environments
Experience with SOAR platforms
Cloud security experience in AWS / Azure / GCP
Experience working in a startup or high-growth environment
Strong incident response methodology knowledge, including root-cause analysis and lessons-learned processes
Who You Are
Independent, accountable, and comfortable taking ownership end-to-end
Proactive, hands-on, and solution-oriented
A strong communicator and team player, with the ability to work remotely while maintaining clear and structured reporting
Fast learner, able to quickly ramp up on new technologies, domains, and attack patterns
Analytical and methodical, with strong investigative and root-cause analysis skills
Able to communicate technical findings clearly to both technical and non-technical stakeholders
Process-oriented, with a continuous improvement mindset
Automation-driven and focused on operational efficiency
Certora People
We are Customer Centric: when we commit, the customer knows we will deliver in a quality and timely manner.
We Move Fast - we’re looking for people with a bias for action and a sense of urgency to achieve quick results while we also Break Nothing – we have high-quality standards, we are looking for people who are professional and hold themselves accountable.
We win as a Team – our teams are distributed around the world. We understand our individual roles and commit to the team's goals.
We have a positive “can do” attitude. We support each other and are encouraged to ask for help and advice. We enable people to grow by clarifying expectations and giving candid feedback and on-the-job development opportunities. We welcome collaboration both internally and externally for outstanding delivery.
We are Pioneers in DeFi security. We are one of the best companies to help developers and security researchers secure Web3, but we try to stay humble and are always eager to learn more.
Why join Certora?
Certora provides you with a wonderful opportunity to:
Work on cutting-edge technology and challenging problems at the forefront of Web3 applications and technologies
Contribute to securing the Web3 ecosystem with the leading provider of end-to-end security for blockchain-based applications
Experience a friendly creative start-up environment with top talent in the domain
Work in a fast-paced and supportive culture: we move fast and break nothing!
Enjoy flexible work (remote / hybrid)
Get competitive compensation & benefits (including equity)
- Department: Security
- Role: Web3 On-Chain Researcher / SOC Analyst
- Locations: Argentina, Brazil, India, Vietnam, Israel, Philippines, Colombia
- Remote status: Fully Remote
- Employment type: Full-time