Information Security Lead

About the role:

We are seeking an experienced and self-motivated Information Security Lead to lead our digital and physical security efforts. The scope of the opportunity for security within our organization encompasses:

• Services like Discord and 1Password
• Company hardware including phones and computers
• Operational deployments of our core infrastructure like Aptos Community page, Aptos Foundation page, Faucets, Indexer APIs, and other services within cloud infrastructure in AWS and GCP
• Operational configuration of validators, fullnodes, and other publicly reusable services that leverage Terraform and Pulumi across various cloud vendors
• Software including:
• Distributed services like consensus, state synchronization, mempool
• Networking services like P2P network infrastructure using Noise, our REST APIs, and our Indexer
• Storage services
• VMs and their interface into the application space
• Library and application smart contracts
• Command-line interface tools
• SDKs across many languages (currently Rust, Python, and Typescript)
• Wallets – browser extension, mobile, custodial solutions
• Our release processes for SDKs, Nodes, Indexers, Operational services, docker containers, and our wallet

What you’ll be doing: 

• Audit, define, develop, and maintain an Information and Security Framework across Aptos in line with relevant legislation, regulation, and industry standards as applicable
• Define, build, and maintain the required culture, plans, policies, procedures, systems, controls, reporting mechanisms, and assurance framework
• Leading training classes for both operational and software development security
• Continuously reviewing our ongoing development processes to be engaged early in the process of software development
• Define security goals and objectives, and align the wider team to them

What we’re looking for:

• Understanding of best practices within Information Security and risk management including standards such as ISO/IEC 27001, NIST-CSF, CIS-20CSC, and CObIT
• Security technologies and wider business solutions including identity and access management, Security Incident and Event Management (SIEM) and Security Operation Centre (SOC), remote working, and cloud-first technologies
• Ability to think and plan strategically and systematically while delivering
• Ability to work within a regulatory framework and to articulate its potential as a tool for continuous improvement across the wider organization
• Experience conducting penetration tests and/or managing third-party audit firms

Listed in: Cryptocurrency Jobs, Remote Web3 Jobs, Community Crypto Jobs, Community Manager Web3 Jobs, Security Web3 Jobs, Developer Web3 Jobs, Rust Web3 Jobs, Discord Crypto Jobs, Python Web3 Jobs, TypeScript Crypto Jobs, DeFi Web3 Jobs, Full Time Crypto Jobs.