Information Security Lead

About the role:

We are seeking an experienced and self-motivated Information Security Lead to lead our digital and physical security efforts.

The scope of the opportunity for security within our organization encompasses:

  • Services like Discord and 1Password
  • Company hardware including phones and computers
  • Operational deployments of our core infrastructure like Aptos Community page, Aptos Foundation page, Faucets, Indexer APIs, and other services within cloud infrastructure in AWS and GCP
  • Operational configuration of validators, fullnodes, and other publicly reusable services that leverage Terraform and Pulumi across various cloud vendors
  • Software including:
    • Distributed services like consensus, state synchronization, mempool
    • Networking services like P2P network infrastructure using Noise, our REST APIs, and our Indexer
    • Storage services
    • VMs and their interface into the application space
    • Library and application smart contracts
    • Command-line interface tools
    • SDKs across many languages (currently Rust, Python, and Typescript)
    • Wallets โ€“ browser extension, mobile, custodial solutions
  • Our release processes for SDKs, Nodes, Indexers, Operational services, docker containers, and our wallet

What youโ€™ll be doing:ย 

  • Audit, define, develop, and maintain an Information and Security Framework across Aptos in line with relevant legislation, regulation, and industry standards as applicable
  • Define, build, and maintain the required culture, plans, policies, procedures, systems, controls, reporting mechanisms, and assurance framework
  • Leading training classes for both operational and software development security
  • Continuously reviewing our ongoing development processes to be engaged early in the process of software development
  • Define security goals and objectives, and align the wider team to them

What weโ€™re looking for:

  • Understanding of best practices within Information Security and risk management including standards such as ISO/IEC 27001, NIST-CSF, CIS-20CSC, and CObIT
  • Security technologies and wider business solutions including identity and access management, Security Incident and Event Management (SIEM) and Security Operation Centre (SOC), remote working, and cloud-first technologies
  • Ability to think and plan strategically and systematically while delivering
  • Ability to work within a regulatory framework and to articulate its potential as a tool for continuous improvement across the wider organization
  • Experience conducting penetration tests and/or managing third-party audit firms

Listed in: , , , , , , , , , , , .