Blockchain Security Analyst

About Chainlink

Chainlink is the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized finance (DeFi). The Chainlink stack provides the essential data, interoperability, compliance, and privacy standards needed to power advanced blockchain use cases for institutional tokenized assets, lending, payments, stablecoins, and more. Since inventing decentralized oracle networks, Chainlink has enabled tens of trillions in transaction value and now secures the vast majority of DeFi.

Many of the world’s largest financial services institutions have also adopted Chainlink’s standards and infrastructure, including Swift, Euroclear, Mastercard, Fidelity International, UBS, S&P Dow Jones Indices, FTSE Russell, WisdomTree, ANZ, and top protocols such as Aave, Lido, GMX and many others. Chainlink leverages a novel fee model where offchain and onchain revenue from enterprise adoption is converted to LINK tokens and stored in a strategic Chainlink Reserve . Learn more at chain.link .

We are seeking a Blockchain Security Analyst to support complex onchain investigations, threat analysis, and incident response efforts across the rapidly evolving digital asset ecosystem. In this role, you will analyze blockchain activity across EVM and non-EVM networks, trace illicit or suspicious fund flows, investigate exploits and laundering techniques, and help produce actionable intelligence for internal stakeholders and external partners.

You will work closely with security researchers, incident response teams, protocol teams, and data engineers to identify, analyze, and communicate meaningful findings from blockchain data. The ideal candidate combines deep technical understanding of blockchain infrastructure with strong analytical thinking, investigative instincts, and excellent communication skills.

This is a highly technical individual contributor (IC) role with significant ownership and impact. While this is not a management-track position, it offers meaningful opportunities to lead initiatives, drive investigations, build new capabilities, and shape how the team operates. If you enjoy solving difficult problems, operating with autonomy, and making a real difference in a fast-moving environment, this role offers a unique opportunity to do exactly that.

We value people who are collaborative, adaptable, and excited to continuously learn in an evolving space.

Your Impact

• Conduct blockchain investigations involving exploits, phishing campaigns, laundering activity, bridge incidents, and other onchain threats
• Trace funds across multiple chains, bridges, mixers, and DeFi protocols to identify patterns, attribution opportunities, and risk exposure
• Analyze transaction traces, calldata, logs/topics, and RPC-level blockchain data to produce high-confidence investigative findings
• Build lightweight tooling and scripts to automate repetitive analysis tasks, enrich datasets, and improve investigation workflows
• Produce concise, high-quality reports and presentations summarizing technical findings for both technical and non-technical audiences
• Support incident response efforts during active investigations and security events
• Collaborate with internal teams to improve detection methodologies, operational tooling, and investigative processes
• Stay current on evolving exploit techniques, threat actor tradecraft, laundering methodologies, and developments across the web3 ecosystem

Requirements

• Deep understanding of the EVM ecosystem, with familiarity across SVM and other non-EVM chains; able to clearly explain transaction structures, calldata, logs/topics, traces, and related onchain mechanics
• Strong working knowledge of common DeFi protocols, bridges, multisig architectures, and wallet infrastructure
• Comfortable extracting, analyzing, and interpreting onchain data using block explorers, transaction traces, event logs, and raw RPC responses
• Ability to build lightweight tooling and scripts to automate investigations, enrich datasets, or analyze blockchain activity
• Experience conducting blockchain investigations using tools such as Chainalysis Reactor, TRM Labs, Arkham, Nansen, and similar platforms
• Experience tracing funds across bridges, mixers, and cross-chain protocols
• Strong written and verbal communication skills, with the ability to synthesize complex technical findings into concise reports and presentations

Preferred Requirements

• Experience interacting directly with blockchain RPC endpoints rather than relying solely on third-party APIs and indexing services
• Familiarity with AI-assisted investigation workflows, automation, and development tooling
• Experience participating in on-call rotations and supporting incident response operations
• Familiarity with common exploit patterns, laundering techniques, phishing infrastructure, and threat actor tradecraft
• Understanding of sanctions screening and attribution methodologies
• Ability to read and reason about smart contract code (Solidity/Rust preferred)
• Familiarity with MEV, validator infrastructure, and transaction propagation mechanics
• Experience querying blockchain datasets via Dune, Flipside, BigQuery, or self-hosted indexers
• Prior experience in web3 startup environments

All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).

We carefully review all applications and aim to provide a response to every candidate within two weeks after the job posting closes. The closing date is listed on the job advert, so we encourage you to take the time to thoughtfully prepare your application. We want to fully consider your experience and skills, and you will hear from us regarding the status of your application shortly after the closing date.

Commitment to Equal Opportunity

Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form .