Security
Security Engineer
If a security analyst watches for fires, a security engineer builds the systems that make fires harder to start. The work is architectural: designing Zero Trust networks, hardening CI/CD pipelines against supply chain attacks, choosing cryptographic primitives that won't be regretted in five years.
You hold an adversarial mindset in one hand and an empathy for developer workflow in the other, because controls that engineers route around aren't really controls. Frameworks like OWASP and the MITRE ATT&CK catalog give you a shared language with the rest of the field.
Students drawn to this path usually liked the puzzles in a CTF more than the prizes. Growth comes from owning a real production environment and writing the post-mortem when something you missed went wrong.
Skills you'll need
- CodeSeniorNew
Implement Threshold Signatures for a Multi-Sig Custody Service
Read the FROST IETF draft (draft-irtf-cfrg-frost) and the underlying Schnorr signature scheme on the secp256k1 curve. Implement the FROST distributed key generation (DKG) and 3-…
- Applied Cryptography
- Threshold Signatures
- Systems Language Proficiency (Go, Rust, C++)
Applied Cryptography - ResearchSeniorNew
Audit a Custom Cryptographic Protocol
Read the 22-page protocol spec, the Go reference implementation (around 4,000 lines), and the test vectors. Run a structured review covering: primitive choices (which cipher, MA…
- Applied Cryptography
- Cryptographic Audit
- Protocol Analysis
Applied Cryptography - CodeSeniorNew
Implement a Bootloader with Secure OTA for a Medical Wearable
Implement using MCUboot as the secondary-image bootloader. Set up an offline signing pipeline (Ed25519 keys, HSM-backed for production). Implement the OTA client: BLE file trans…
- Mcuboot
- Secure Bootloader
- Firmware Signing
Embedded Systems Engineering - CodeSeniorNew
Build an Intrusion-Detection Rule Pack for a Manufacturing PLC Fleet
Analyze provided PCAP (packet capture) files from 3 anonymized customer sites covering normal operating windows and 2 red-team simulation windows. Implement Suricata rules for 8…
- Intrusion Detection
- Ics Security
- Suricata
Cyber-Physical and Cybercrime Topics Practice your coursework on real scenarios.
Every challenge is shaped from real-world context — not generic exercises. The work mirrors what your degree prepares you for.
Why Ewance
- AnalysisSeniorNew
Forensic Reconstruction of an Anonymized Energy-Grid Incident
Triage the artifacts using a timeline-first methodology. Build a unified timeline across syslog, historian, firewall, and disk-image artifacts (Plaso super-timeline). Identify c…
- Digital Forensics
- Incident Response
- Ics Security
Cyber-Physical and Cybercrime Topics - CodeSeniorNew
Build a Kernel-Module Sandbox for an Untrusted Code Service
Receive the current Docker-based sandbox configuration, post-incident reports for both escapes, and the runtime requirements for Python and C++ (compilers, package availability,…
- Sandboxing
- Seccomp Bpf
- Gvisor
Computer Systems Security - CodeSeniorNew
Build a Secure Multi-Party Computation Demo for Cross-Bank Fraud Detection
Pick MP-SPDZ as the MPC framework. Build a 4-party demo computing two protocols: (1) private set intersection of suspicious-account IDs across banks, (2) joint aggregate (count …
- Secure Computation
- Mpc
- Cryptography
Privacy-Enhancing Technologies - DesignSeniorNew
Design an OS-Level Side-Channel Mitigation for a Multi-Tenant Cloud
Read 3 canonical cache-side-channel papers (provided). For each attack: characterize the threat model, the required attacker capabilities, and the OS-level invariant that, if he…
- Os Security
- Side Channels
- Virtualization
Advanced Operating Systems - Browse challenges
Explore role
Product Manager
Ship product that solves real user problems. Combine user research, prototyping, and stakeholder alignment to turn ambiguous briefs into measurable wins — the role at the centre of modern software teams.
- CodeSeniorNew
Reverse-Engineer and Patch an N-Day Vulnerability in a Vendor Binary
Receive the vulnerable binary (Linux ELF, x86-64), the public CVE-2025-XXXX advisory + PoC, and the bank's deployment context (RHEL 9, the binary runs as a non-root service). Lo…
- Reverse Engineering
- Binary Exploitation
- Ghidra
Computer Systems Security - StrategySeniorNew
TLS and PKI Migration to Post-Quantum for a Cross-Border Bank
Receive an anonymized TLS inventory (endpoint, current cipher suite, TLS version, certificate issuer, last rotation, business criticality) and the bank's PKI hierarchy. Score en…
- Tls
- Pki
- Post Quantum Cryptography
Network Security - AnalysisSeniorNew
Cyber-Physical Security Audit for a Connected-Building HVAC System
Audit one representative tower's BMS: enumerate BACnet devices (network discovery + capability inventory), identify lateral-movement paths (tenant wifi -> guest network -> BACne…
- Cyber Physical Systems
- Ot Security
- Risk Management
Internet of Things and Cyber-Physical Systems - CodeSeniorNew
Harden a Container Supply Chain to SLSA Level 3
Audit the current build and deploy pipeline against the SLSA 1.0 specification. Identify SLSA-3 gaps (typically: provenance generation, hermetic builds, two-person review, signe…
- Supply Chain Security
- Slsa
- Sigstore
DevOps and Secure Deployment Build a verifiable portfolio.
Submissions become evidence. Reviewers with shipping experience score against a rubric; the result becomes a credential anyone can verify.
Why Ewance
- DesignSeniorNew
Design an End-to-End Encrypted Messaging Protocol
Read the Signal protocol specifications (X3DH, Double Ratchet) and the team's current architecture (server-stored unencrypted messages). Design an E2EE protocol covering: identi…
- Applied Cryptography
- Protocol Design
- Systems Language Proficiency (Go, Rust, C++)
Applied Cryptography
How it works
From brief to credential, in six steps.
Step 01
Browse challenges aligned to your studies.
Step 02
Accept the one that fits your goals.
Step 03
Work through it with AI Copilot guidance.
Step 04
Submit for structured evaluation.
Step 05
Earn a verified credential.
Step 06
Add it to LinkedIn with one click.
Industry teams behind a decade of practitioner briefs
Hiring from this pool?
Sponsor a challenge and meet candidates through actual work.
Industry teams can shape briefs around the skills they hire for, then evaluate students on rubric-scored deliverables — not resumes.
Skills and disciplines shown on this page are derived from the Ewance challenge catalogue. When the median annual salary is available for this role via Adzuna, it will be shown above with the sample size and country.
Portrait: Photo by amin naderloei on Unsplash.



















































































