Skip to content

Staff Security Engineer @ Polymarket

Current Focus: Exchange Security Architecture, Key Management & Supply Chain Integrity

At Polymarket, the world's largest prediction market, I work within the security team defending a hybrid on-chain/off-chain exchange where markets settle real-world outcomes with real money at stake. The attack surface spans the full spectrum: non-custodial smart contract infrastructure on Polygon (CTF Exchange), operational key material, a high-traffic web frontend, and the vendor ecosystem behind it. My focus is helping make every layer of that surface hostile territory for an attacker — from the signing ceremony to the browser.

Key Responsibilities & Focus Areas

  • Cryptographic Key Management: Architecting HSM-backed signing infrastructure for operational wallets — hardware-enforced key custody, policy-based transaction approval workflows, wallet segmentation by blast radius, and quorum controls that ensure no single compromised credential can move funds.
  • Frontend & Supply Chain Integrity: Hardening the web application delivery pipeline against client-side attacks: Subresource Integrity (SRI) enforcement, strict Content Security Policy, third-party JavaScript governance, dependency pinning and provenance verification, and CI/CD pipeline integrity controls — treating the frontend as a first-class attack surface, not an afterthought.
  • On-Chain Threat Detection: Building monitoring coverage for the CTF Exchange architecture — order settlement correctness, atomic swap invariants between outcome tokens and collateral, operator key behaviour, and oracle-resolution integrity for market settlement. Correlating on-chain signals with infrastructure telemetry to separate real exploit activity from noise.
  • Nation-State Threat Research: Reverse engineering malware campaigns from actors targeting the crypto space — prioritising behavioural analysis over short-lived static indicators. I translate that tradecraft into durable detection logic: SIEM correlation rules (Sumo Logic) and Custom IOAs in CrowdStrike that break the threat chain at execution time rather than after compromise.
  • Incident Response & Threat Intelligence: Contributing to detection engineering and response operations informed by the current Web3 threat landscape — nation-state actors targeting key material, supply chain compromises of third-party scripts, and social engineering against privileged operators. Behavioural detection over static indicators, with response playbooks tuned to kill the threat chain before funds move.
  • Vendor & Third-Party Risk: Establishing security review gates for every external dependency that touches production — from npm packages to SaaS integrations — because in Web3, your perimeter includes everyone you trust.

Technical Stack

  • Security: HSM/KMS architectures, CSP/SRI tooling, SIEM & detection engineering, EDR.
  • Web3: Solidity, Smart Contract Auditing, CTF/ERC-1155 outcome tokens, EIP-712 signed orders, Oracle security (UMA OO).
  • Cloud & Ops: AWS, K8s, Docker, CI/CD supply chain security.
  • Languages: Python, Solidity, TypeScript.