Information Security Lead

About the role:

We are seeking an experienced and self-motivated Information Security Lead to lead our digital and physical security efforts. The scope of the opportunity for security within our organization encompasses:

• Services like Discord and 1Password
• Company hardware including phones and computers
• Operational deployments of our core infrastructure like Aptos Community page, Aptos Foundation page, Faucets, Indexer APIs, and other services within cloud infrastructure in AWS and GCP
• Operational configuration of validators, fullnodes, and other publicly reusable services that leverage Terraform and Pulumi across various cloud vendors
• Software including:
• Distributed services like consensus, state synchronization, mempool
• Networking services like P2P network infrastructure using Noise, our REST APIs, and our Indexer
• Storage services
• VMs and their interface into the application space
• Library and application smart contracts
• Command-line interface tools
• SDKs across many languages (currently Rust, Python, and Typescript)
• Wallets – browser extension, mobile, custodial solutions
• Our release processes for SDKs, Nodes, Indexers, Operational services, docker containers, and our wallet

What you’ll be doing: 

• Audit, define, develop, and maintain an Information and Security Framework across Aptos in line with relevant legislation, regulation, and industry standards as applicable
• Define, build, and maintain the required culture, plans, policies, procedures, systems, controls, reporting mechanisms, and assurance framework
• Leading training classes for both operational and software development security
• Continuously reviewing our ongoing development processes to be engaged early in the process of software development
• Define security goals and objectives, and align the wider team to them

What we’re looking for:

• Understanding of best practices within Information Security and risk management including standards such as ISO/IEC 27001, NIST-CSF, CIS-20CSC, and CObIT
• Security technologies and wider business solutions including identity and access management, Security Incident and Event Management (SIEM) and Security Operation Centre (SOC), remote working, and cloud-first technologies
• Ability to think and plan strategically and systematically while delivering
• Ability to work within a regulatory framework and to articulate its potential as a tool for continuous improvement across the wider organization
• Experience conducting penetration tests and/or managing third-party audit firms