We're looking for individuals with exceptional talent in vulnerability research, web security, cryptography, and/or reverse engineering—people who can find bugs no one else can.

About Us

We do the best security reviews in the world. Our clients include Polymarket, Canonical, Protonmail, Cognition, and the Solana Foundation. Before Zellic, we previously founded perfect blue, the #1 CTF team in 2020, 2021, and 2023 as part of Blue Water.

We are an employee-owned company. We’re consistently profitable, with a team of 50+ and growing (mostly CTF players). We value steady, long-term success over short-term gains.

What You’ll Do

You'll work alongside the best hackers in the world. Day-to-day, that means:

• Auditing client code across a wide range of challenging targets—compilers, virtual machines, web apps, databases, circuits, proof systems, and more
• Writing clear, professional reports that explain vulnerabilities and their impact
• Keeping up with new attacks, techniques, and research
• Contributing to Zellic's public research through blog posts and, optionally, conference talks

Qualifications

You should be strong in at least one of these areas:

• Pwn. Finding and exploiting vulnerabilities in native software. You know the AFL++ command line parameters by heart. We especially value browser exploitation, kernel exploitation, or virtual machine escapes.
• Web. Breaking web applications. You believe CSP stands for “Client Side Puzzle”. You find and abuse logic bugs and design flaws. You have a track record as a bug bounty veteran.
• Cryptography. Attacks, protocol design, and secure implementation. You enjoy diving into and reimplementing a paper. Strong math background paired with broad knowledge of important primitives. Knowledge of hash-based crypto or lattices is a plus.
• Reverse Engineering. Decompilation, program analysis, formal methods, and programming languages. You love Z3 and SSA form. You can take apart anything and aren’t afraid to tackle an obfuscated VM.
• Misc. You intimidate software into finding bugs in itself, simply by looking at it.

Other Nice-To-Haves

• A healthy dose of skepticism and the ability to think independently and critically
• An interest in finance or blockchain is welcome but not required. Many of our hires have no prior blockchain experience.