Head of Security (Aptos Foundation)

Head of Security, Aptos Foundation

Aptos is a people-first blockchain on a mission to help billions of people achieve universal and fair access to decentralized assets in a safe and scalable way.

Founded by some of the original creators and maintainers that researched, designed, and built the Diem blockchain to serve this purpose, we have dedicated several years toward this mission. We believe the open-source Diem technology we have developed is an important foundation of a safe and scalable web3 world where everyone has more equitable opportunities to grow and access financial assets with lower fees and fewer intermediaries.

Aptos (Ohlone for "The People") encompasses our mission and ethos for why we build.

About the role:

We are seeking an experienced and self-motivated Head of Security (Aptos Foundation) to lead our digital and physical security efforts.The scope of the opportunity for security within our organization encompasses:

• Services like Discord and 1Password
• Company hardware including phones and computers
• Operational deployments of our core infrastructure like Aptos Community page, Aptos Foundation page, Faucets, Indexer APIs, and other services within cloud infrastructure in AWS and GCP
• Operational configuration of validators, fullnodes, and other publicly reusable services that leverage Terraform and Pulumi across various cloud vendors
• Software including:
• Distributed services like consensus, state synchronization, mempool
• Networking services like P2P network infrastructure using Noise, our REST APIs, and our Indexer
• Storage services
• VMs and their interface into the application space
• Library and application smart contracts
• Command-line interface tools
• SDKs across many languages (currently Rust, Python, and Typescript)
• Wallets – browser extension, mobile, custodial solutions
• Our release processes for SDKs, Nodes, Indexers, Operational services, docker containers, and our wallet

What you’ll be doing:

• Audit, define, develop, and maintain an Information and Security Framework across Aptos in line with relevant legislation, regulation, and industry standards as applicable
• Define, build, and maintain the required culture, plans, policies, procedures, systems, controls, reporting mechanisms, and assurance framework
• Leading training classes for both operational and software development security
• Continuously reviewing our ongoing development processes to be engaged early in the process of software development
• Define security goals and objectives, and align the wider team to them

What we’re looking for:

• 7+ years of relevant work experience
  Understanding of best practices within Information Security and risk management including standards such as ISO/IEC 27001, NIST-CSF, CIS-20CSC, and CObIT
• Security technologies and wider business solutions including identity and access management, Security Incident and Event Management (SIEM) and Security Operation Centre (SOC), remote working, and cloud-first technologies
• Ability to think and plan strategically and systematically while delivering
• Ability to work within a regulatory framework and to articulate its potential as a tool for continuous improvement across the wider organization
• Experience conducting penetration tests and/or managing third-party audit firms