# Spearbit Technical Account Manager Job Description Spearbit is a DAO for web3 security researchers. Web3 projects often have to decide between waiting months for a security review or shipping unaudited code to keep up with the competition. Spearbit fixes this through a freelance marketplace of vetted security researchers who pair on collaborative teams. We’re looking for an Account Manager to assist with our audit marketplace. This person will assist with the matching of qualified security researchers to prospective clients that want to engage with our community. Once the security review begins, the Account Manager will be responsible for ensuring quality service delivery through effective project management. During the security review, the account manager will utilize their high level knowledge of developer security to flag process errors and breakdowns in communication between clients and security researchers. This position isn’t technical in the sense that you won’t be engaging in manual code review, but does require a knowledge of DevSecOps best practices and how to effectively integrate security researchers into the development lifecycle of clients. A background that would prepare you for this role could include having a project management role at a major web3 security auditing firm or a PM role at a major crypto protocol who has worked with security audit firms. # **Benefits** - **Competitive compensation:** $150-200K/yearly salary + equity or $150/hr on contract basis (dependent on your preference, we're fine with this being a contract job or a salaried position) - **Option of getting paid in digital currency** # **Our Values** Some of our values: - **Professional Inclusion:** We’re building a community of diverse security researchers in service of our mission to grow the wider web3 security talent pool. This means we are professional and respectful at all times due to the importance of our mission. - We have a culture that facilitates psychological safety as this is conducive to effective security research. Everyone needs to be able to speak up in order to catch (and improve) both cultural and technical issues in service of our clients and the end user. - **Effective Teams:** Building a security DAO is no small mission. We think it’s possible to accomplish this by recruiting and retaining disproportionately productive individuals who can contribute to effective organizations at scale. We’re looking for people who are decisive and professional, not those that want to admire problems without presenting tangible solutions. - **Clear Communication:** We’re a fully-distributed team, so writing clearly matters, whether that’s an email, a Notion doc, or a Discord message. - In addition to an annual professional development budget, we also offer a separate dedicated remote work stipend. We’re building a remote first team with an emphasis on continuous improvement in everything we do, including how we run daily operations. - **Value Creation:** We care about economically incentivizing our community to work on critical security work as opposed to the other (potentially more frivolous) things they could be working on, and we want to ensure that you’re incentivized to work with us and our community as well. Our compensation will match this. # **Our Mission** Spearbit exists to increase the talent pool and opportunities of web3 security researchers by pairing some of the best talent in the security auditing industry with new talent that are making the jump into web3 security. Everything we do is in service of the end user- people who put their money and effort into using the web3 projects that Spearbit reviews. Spearbit is venture backed by Nascent and other investors including Jinglan Wang, 1KX, Koji Capital and Ryan Selkis. We just closed our $1.5M seed, giving us financial backing to empower security researchers. ### About Spearbit Labs Spearbit Labs is a Delaware corporation whose goal is to act as a service provider which bootstraps and develops the Spearbit DAO in its early stages. It exists to support the progressive decentralization of Spearbit DAO operations. # **Requirements & Responsibilities** - Handle all operational aspects of our auditing business post-sale (on the client side) and post initial recruitment (on the security researcher side). - DevSecOps knowledge of how security researchers fit into client development team lifecycle - Deep market knowledge of crypto verticals (DeFi, NFTs, DAOs) and the security implications of various types of clients in order to match with qualified security researchers - Project Management of audit clients post sale - Working with Lead Security Researchers (our subject matter experts on Security audits) to mentor and provide feedback on the performance of our community’s junior security researchers - Be the go-to person on all things audit operations. Ideal candidate has 2+ years project management experience in a web3 security audit firm and/or project management of a major crypto protocol with a security focus. # **Location** - We're a fully-distributed team across the Eastern US and Central Europe. - Preference is to be somewhere between Eastern US and Central European Time, but not mandatory. # **Interested?** Great, we’d love to chat! Please email us at [team@spearbit.com](mailto:team@spearbit.com)
Last changed by  
Spearbit
858

Read more

D&S: Report style guide

Spearbit uses a markdown based template to collaboratively write the final report for security reviews. This markdown file is then converted to a PDF with minimal additional modifications. Use hackmd.io to collaborate on reports. Example of the markdown file: Brink security review (engagement 2). Example of a rendered pdf. An example issue can be found in Appendix. General suggestions The issue description should be detailed. Ideally, someone who is outside of the project and the security review team should be able to understand the issues, merely by reading the issue description. Sort by highest to lowest severity. For example, a critical bug that steals all the funds should appear before a generic suggestion such as floating pragma.

6/22/2023
Brink Security Review (engagement 2)

Spearbit Spearbit is a decentralized network of expert Web3 security engineers. Together, we help secure the Web3 ecosystem. We offer security reviews and related services to Web3 projects. Our network has experience at every part of the stack, including protocol design, smart contracts, and the Solidity compiler itself. Spearbit brings in untapped security talent: expert freelance auditors want flexibility to work on interesting projects together. Learn more about us at https://spearbit.com. Introduction The Brink protocol is designed for automating conditional orders on EVM compatible chains. For an introduction to the basic mechanics, one can consult the report from Spearbit's first security review of Brink. This follow up specialized review by Spearbit focussed on a unique extension of "EIP-1167: Minimal Proxy Contract". The Brink protocol designed a gas efficient proxy implementation, based on EIP-1167 that also stores the address of the owner in the proxy. Details can be found in the section: "custom proxy code". In short, the address of the owner is appended at the end of the runtime code, and read using a extcodecopy of the relevant bytes in code; let's call this the data section. The focus of the security review was on the following:

5/3/2023
Spearbit vCISO and Security as a Service 🦾

About Us The Role If your Chief Information Security Officer (CISO) role is vacant or you need a project-based executive expertise then our community of vCISO's is the solution for you. Our vCISO's serve as a technology leader responsible for advising on high-level technical guidance, smart contract best pracitces, architectural review and development/testing framework during your software development lifecycle by directly reporting to the CTO, CEO, and Founders. By embedding this individual or pairing of vCISO's onto your team this allows you to prepare for external reviews, execute on technical development and reduce risk. World Class Leaders Spearbit has to date built one of the largest communities of security personel in the blockchain space.

1/26/2023
Spearbit Technical Copy Writer Contractor

Spearbit is a DAO for web3 security researchers. Web3 projects often have to decide between waiting months for a security review or shipping unaudited code to keep up with the competition. Spearbit fixes this through a freelance marketplace of vetted security researchers who pair on collaborative teams. Spearbit is growing and needs a talented technical copywriter to help write our audit reports as well as content for our community. This person will work with our security researchers to copy edit and format our audit reports. Benefits Competitive compensation: This is a contract position at $100/hr Option of getting paid in digital currency Our Values

2/22/2022
Read more from Spearbit
Published on HackMD