About us
Founded in 2015 with the mission to protect the open economy, OpenZeppelin is the world leader in securing blockchain applications and smart contracts.
Its bedrock open source Contract Libraries are a public good and industry standard for smart contract development.
OpenZeppelinâs professional expertise, unified with the Defender developer security platform, integrates through clientsâ development lifecycles, so teams can plan, code, audit, deploy and operate projects faster and more safely.
Please note: Always refer to OpenZeppelin's official job page for the most accurate information about our open roles, as we have seen multiple third party job sites posting inaccurate information.
<h3><strong>The IT & Security Team ❤️</strong></h3>
The IT & Security team at OpenZeppelin is responsible for the planning, execution, and delivery of the IT & Information Security Program that supports OpenZeppelinâs entire organization, including its team members and technology. This team manages IT and security operations, maintain network resilience, enforce end-user security, manage compliance initiatives and audits, support product security activities and provide leadership to the organization on cybersecurity best practices.
Role overview
As a Leader in the IT & Security team, you'll bolster OpenZeppelinâs security posture by managing the companyâs IT & Information Security Program in accordance with leading industry standards (including SOC 2), taking into account the unique nature of our blockchain security offerings.
You will report to the Head of Operations and work across the organization to implement security best practices and help OpenZeppelin make continuous improvements to its information security environment.
You have strong organizational skills and an impeccable attention to detail. As a Leader, you will also exemplify operational excellence as you work across the organization to enable our team by provisioning accounts, monitoring and enforcing security policies, configuring systems and integrations, and solving IT issues for our team.
The ideal Lead for this position has the hands-on technical expertise to identify, prioritize and solve security tasks and is excited to expand the impact and grow their expertise in a high-growth environment.
Specifically you will
- Manage the day-to-day IT & Security Department operations, including setting the strategic direction of the IT & Information Security Program and executing on department OKRs and budgets
- Lead audit and certification processes like penetration testing, SOC 2 and ISO/IEC 27001 and manage related vendors
- Partner with development teams to design, implement and enhance security best practices in the SDLC and our software offerings
- Manage and configure physical security, disaster recovery, and data backup systems
- Support systems access provisioning and deprovisioning as well as onboarding and offboarding activities
- Conduct internal security audits and constantly assess our people and processes for vulnerabilities, weaknesses, and for possible upgrades or improvements
- Manage bug bounty programs and lead incident response processes
- Act as an advisor on security best practices across the organization
You have
- 5-7 years of IT & security experience, including at least 2 years of experience managing significant IT & security functions in a high-growth tech company
- Experience deploying infrastructure using IaC and self hosting and maintaining IT and security related services
- Ability to implement software to automate, and streamline IT and security related tasks
- Experience with disaster recovery planning and incident response processes
- Ability to implement and manage MDM tools
- Experience operating a security program based on ISO/IEC 27001, NIST 800-53, NIST Cybersecurity Framework, CIS controls, or SOC 2 Type 2 reports and audit processes
- Previous experience managing Google Workspace environments and Github
- An advanced English level and great communication skills (oral and written)
- The abilities needed to work collaboratively in a distributed remote team
Nice to have
- An understanding or keen interest in blockchain technology and curiosity to constantly expand your knowledge and impact
- Security certifications, such as CISSP, CISM, or GIAC certifications
- Experience using Vanta
Location:
This is a fully remote position with no travel required but we are only hiring in the following time zone range:
- UTC -6 to UTC +3
Logistics:
Our interview process takes place on Zoom and tends to consist of the following stages:
- Recruiter Call (45 mins)
- Hiring Manager Call (45 mins)
- Team Interview (30 mins)
- Leadership Interview (30 mins)
- Paid work test
- Reference checks
<div class="content-conclusion"><section class="j-content">
Benefits
- Unlimited holidays ð
- Fully remote: your way of working ð
- Paid parental leave & benefits for primary or second caregiver ð
- Company retreats in different locations around the world ð
- Work from home office equipment stipend of up to $500 USD ðª
- Monthly allowance for wellness activities ðª
- Coworking: access to a coworking space of your choice ð©âð»
- Learning: technical training; spoken language lessons in any language of your choice (using Italki) ð£
- Working with a global team in a fast-growing industry ð
At OpenZeppelin, we are an equal opportunity employer and we value different perspectives. We are committed to building a diverse workforce. This includes but is not limited to gender, race, sexual orientation, religion, national origin and other characteristics that make each one of us unique. In this uniqueness, we find the most value. Come join us!
.jpg)
