Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies.

Mysten Labs is seeking a highly skilled and experienced Head of AppSec Engineering to lead our application safeguarding and vulnerability management. The role involves working with a range of stakeholders to ensure that security risks are identified, assessed, and mitigated.

What You’ll Do:

• Manage and lead everything related to; asset management, vulnerability management, patch management, network security, mobile device management, red team provisioning, threat modeling, penetration testing, bug bounty, responsible disclosure, static and dynamic testing, and comprehensive issue tracking and management.

• Establish and maintain security policies, procedures, and guidelines for the organization.

• Develop and implement a security risk management program to identify, assess, and mitigate security risks.

• Monitor and respond to security-related incidents and breaches.

• Develop and maintain a comprehensive asset inventory and ensure that all assets are appropriately secured and maintained.

• Manage and track enterprise vulnerability management activities, including the identification, assessment, and remediation of vulnerabilities.

• Manage and track vulnerability and configuration drift (change) management activities.

• Manage and track patch management activities, including patching timelines and reporting.

• Develop and maintain a comprehensive network security program, including the management of mobile devices.

• Coordinate red team provisioning and attack simulation activities to identify and address potential security weaknesses in the organization.

• Conduct threat modeling activities to identify and assess potential security risks and vulnerabilities.

• Conduct penetration testing activities to identify and address potential security weaknesses in the organization.

• Manage and track bug bounty and responsible disclosure activities.

• Conduct static and dynamic testing and software composition analysis activities to identify and address potential security weaknesses in software applications.

• Maintain a comprehensive issues tracking and management program to ensure that all security-related issues are appropriately addressed and resolved.

Our Ideal Candidate Will Have:

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.

• Minimum of 8 years of experience in application security or related fields.

• Strong technical knowledge of security technologies, including firewalls, intrusion detection/prevention systems, vulnerability scanners, and SIEM.

• Proven experience in managing and leading security teams.

• Knowledge of industry best practices, standards, and regulations related to cybersecurity, including ISO 27001, NIST, and PCI DSS.

• Strong analytical and problem-solving skills.

• Excellent communication and interpersonal skills.

• Ability to work independently and as part of a team.

Our team is remote first and we are hiring across the world. Here at Mysten Labs, you’ll be joining a world-class team with tremendous growth potential as we bring the next billion users to web3. We raised a $300M Series B round from top Silicon Valley led venture funds like Jump Crypto, Andreessen Horowitz (a16z), Binance Labs, Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital, among other investment firms and strategic partners. Come join us and build the future of web3!