Technical Senior Security Program Manager

OpenSea is the first and largest marketplace for , or NFTs
Applications for NFTs include collectibles, gaming items, domain names, digital art, and many other items backed by a blockchain
OpenSea is an open, inclusive web3 platform, where individuals can come to explore NFTs and connect with each other to purchase and sell NFTs
At OpenSea, we're excited about building a platform that supports a brand new economy based on true digital ownership and are proud to be recognized as ranked top private company
When hiring candidates, we look for signals that a candidate will thrive in our culture, where we default to trust, embrace feedback, grow rapidly, and love our work
We also know how critical it is to celebrate and support our differences
Employing a team rich in diverse thoughts, experiences and opinions enables our employees, our product and our community to flourish
We are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status
To help facilitate this, we support remote, hybrid or onsite work at either New York City, San Francisco or the Silicon Valley for the majority of our opportunities
We are looking for a Security Program Manager that will drive our vulnerability management program and security initiatives across product, engineering, and business enablement
 As the first security program manager, you will establish the foundation in which the security team and company will build on top of
 Below is a list of high level programs where we are looking for a senior program manager to step in and drive immediately
Each program has significant depth when fully built out and more security focused programs will need to be created over time


    • Lead the Vulnerability Management Program by accelerating and improving the quality of the findings through our public bug bounty program, third party pentests, and internal red teaming
      Then ensure timely and accurate triage of findings by partnering with the Application Security Engineering group
      Ultimately driving to remediation of identified vulnerabilities across the organization from incident response for critical findings to backlog management for low severity findings
    • Improve the security incident management process and incident command active security incidents in order to reduce the active time of exposure and ensure we do not have repeat incidents
    • Partner with the InfraSec team to drive the Vendor Security Audit Program to ensure proper awareness of risk exposure of vendors
    • Partner with the AppSec team to drive Product Security Reviews to enable high velocity product teams to build secure by design products
    • Manage our threat intelligence gathering (both physical and cyber) to ensure the team and company make decisions with proper awareness of the threat landscape
    • Provide insight and suggestions to steer the security roadmap

Desired Experience

    • Strong program management skills in both designing programs and facilitating them
    • Influence and affect change in cross functional collaborators in order to successfully complete tasks within required timelines
    • Prioritize effectively and multitask efficiently
    • Understanding of common styles of vulnerabilities and how they apply various systems
    • Risk analysis and risk based decision making skills
    • Excellent written and verbal communication skills as you’ll be communicating publicly with researchers and partners
    • If you don't think you meet all of the criteria below but still are interested in the job, please apply
      Nobody checks every box, and we're looking for someone who is excited to join the team

The base salary for this full-time position, which spans across multiple internal levels depending on qualifications, ranges between  $170,000 – $285,000 plus benefits & equity

Listed in: , , , , , , , , , ,