About the role:
We are seeking an experienced and self-motivated Information Security Lead to lead our digital and physical security efforts.
The scope of the opportunity for security within our organization encompasses:
- Services like Discord and 1Password
- Company hardware including phones and computers
- Operational deployments of our core infrastructure like Aptos Community page, Aptos Foundation page, Faucets, Indexer APIs, and other services within cloud infrastructure in AWS and GCP
- Operational configuration of validators, fullnodes, and other publicly reusable services that leverage Terraform and Pulumi across various cloud vendors
- Software including:
  - Distributed services like consensus, state synchronization, mempool
  - Networking services like P2P network infrastructure using Noise, our REST APIs, and our Indexer
  - Storage services
  - VMs and their interface into the application space
  - Library and application smart contracts
  - Command-line interface tools
  - SDKs across many languages (currently Rust, Python, and TypeScript)
  - Wallets – browser extension, mobile, custodial solutions
- Our release processes for SDKs, Nodes, Indexers, Operational services, docker containers, and our wallet
What you'll be doing:
- Audit, define, develop, and maintain an Information and Security Framework across Aptos in line with relevant legislation, regulation, and industry standards as applicable
- Define, build, and maintain the required culture, plans, policies, procedures, systems, controls, reporting mechanisms, and assurance framework
- Lead training classes for both operational and software development security
- Continuously review our ongoing development processes so that security is engaged early in software development
- Define security goals and objectives, and align the wider team to them
What we're looking for:
- Understanding of best practices within Information Security and risk management including standards such as ISO/IEC 27001, NIST-CSF, CIS-20CSC, and COBIT
- Security technologies and wider business solutions including identity and access management, Security Incident and Event Management (SIEM) and Security Operation Centre (SOC), remote working, and cloud-first technologies
- Ability to think and plan strategically and systematically while delivering
- Ability to work within a regulatory framework and to articulate its potential as a tool for continuous improvement across the wider organization
- Experience conducting penetration tests and/or managing third-party audit firms