IT Security Engineer @ OpenZeppelin

IT Security Engineer

Europe

Posted on 2/16/2023

INACTIVE

11-50 employees

Website

Smart contract development security platform

Company Overview

OpenZeppelin’s mission is to provide security solutions for the decentralized ecosystem, and the Ethereum blockchain which faces the challenge of being able to scale while remaining decentralized, secure, and affordable for users. The company is committed to protecting the open economy, OpenZeppelin safeguards tens of billions of dollars in funds for leading crypto organizations including Coinbase, Ethereum Foundation, and many others.

Locations

London, UK • Remote

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Agile

AWS

Development Operations (DevOps)

Communications

Blockchain

CategoriesNew

DevOps & Infrastructure

Requirements

3 to 5 years of IT security, application and cloud security experience
Experience designing and implementing IT security controls in general and in AWS cloud in particular
Experience with DevSecOps and Agile methodologies
Proven experience building productive relationships with internal teams and partners
Curiosity and research skills to find IT and security solutions for our business needs
Excellent verbal and written communication skills to effectively exchange ideas and information with other teams and to provide assistance for IT and security matters

Responsibilities

Guide the DevOps team to implement cloud security and compliance controls
Partner with development teams to design, implement and enhance security best practices in the SDLC and our software offerings
Create and maintain IT and cloud security policies
Work alongside other security team members to implement and maintain company-wide security best practices of all IT infrastructure including applications and endpoints devices
Support systems access provisioning and deprovisioning as well as onboarding and offboarding activities
Execute internal IT risk assessments and third-party risk assessments, as well as support the remediation of the findings
Assist with SOC 2 internal audits
Review periodically the security configurations of our systems
Learn new concepts, skills, and technologies to propose and implement new IT and security solutions

Desired Qualifications

Understanding of APIs and how to develop automation utilizing API functionality of tools and solutions
Previous experience with Disaster Recovery Planning and Incident Response
Previous experience managing Google Workspace environments
Security certifications, such as CISSP, CISM, or GIAC certifications
Knowledge of or exposure to common information security management frameworks, such as ISO/IEC 27001, NIST 800-53, NIST Cybersecurity Framework, CIS controls, or SOC 2 Type 2 reports and audit processes
Exposure to Blockchain / Web3 technologies and infrastructure

About us

Founded in 2015, OpenZeppelin is the premier crypto cybersecurity technology and services company, trusted by the most used DeFi and NFT projects in the world.

Our mission is to protect the open economy, safeguarding tens of billions of dollars in funds for leading crypto organizations including Aave, Coinbase, Compound, Ethereum Foundation, TheGraph and many others.

The OpenZeppelin team, spread across 30+ countries in the world, is responsible for creating the most popular Open Source Library for Smart Contract development in the world with over 15 million downloads! The expertise we’ve built along the years allowed us to uncover major security vulnerabilities for some of the most well known players in the market.

With the success of our products, our security audit work, and the open source educational efforts, we are setting the industry standards for secure systems of a hyper-fast-growing industry and we’re looking for more folks to help us on our mission.

The IT & Security team

The IT & Security team at OpenZeppelin is responsible for the planning, execution, and delivery of the IT & Information Security Program that supports OpenZeppelin processes, technologies, products, and customers. The team manages the company’s IT and Security Operations, leads Governance Risk and Compliance initiatives, and supports Product Security activities and processes, led by the Head of IT & Security.

What you’ll be doing

Guide the DevOps team to implement cloud security and compliance controls.
Partner with development teams to design, implement and enhance security best practices in the SDLC and our software offerings.
Create and maintain IT and cloud security policies.
Work alongside other security team members to implement and maintain company-wide security best practices of all IT infrastructure including applications and endpoints devices.
Support systems access provisioning and deprovisioning as well as onboarding and offboarding activities.
Execute internal IT risk assessments and third-party risk assessments, as well as support the remediation of the findings.
Assist with SOC 2 internal audits.
Review periodically the security configurations of our systems.
Learn new concepts, skills, and technologies to propose and implement new IT and security solutions.

You have:

3 to 5 years of IT security, application and cloud security experience.
Experience designing and implementing IT security controls in general and in AWS cloud in particular.
Experience with DevSecOps and Agile methodologies.
Proven experience building productive relationships with internal teams and partners.
Curiosity and research skills to find IT and security solutions for our business needs.
Excellent verbal and written communication skills to effectively exchange ideas and information with other teams and to provide assistance for IT and security matters

Nice to have

Understanding of APIs and how to develop automation utilizing API functionality of tools and solutions.
Previous experience with Disaster Recovery Planning and Incident Response.
Previous experience managing Google Workspace environments.
Security certifications, such as CISSP, CISM, or GIAC certifications.
Knowledge of or exposure to common information security management frameworks, such as ISO/IEC 27001, NIST 800-53, NIST Cybersecurity Framework, CIS controls, or SOC 2 Type 2 reports and audit processes.
Exposure to Blockchain / Web3 technologies and infrastructure.

Logistics

Our interview process takes place on Zoom and tends to consist of the following stages:

Recruiter call (45 minutes)
Hiring Manager call (45 minutes)
Team member interview (1 hour)
Leadership call (30 minutes)
Paid work test
Reference checks

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.

Benefits

Unlimited holidays 🏝
Fully remote: your way of working 🌎
Paid parental leave & benefits for primary or second caregiver 💙
Team events: onboarding tour & company retreats in different locations around the world 😎
Work from home office equipment stipend of up to $500 USD 🪑
Monthly allowance for wellness activities 💪
Coworking: access to a coworking space of your choice 👩‍💻
Learning: technical training; spoken language lessons in any language of your choice (using Italki) 🗣
Working with a global team in a fast-growing industry 🚀

At OpenZeppelin, we are an equal opportunity employer and we value different perspectives. We are committed to building a diverse workforce. This includes but is not limited to gender, race, sexual orientation, religion, national origin and other characteristics that make each one of us unique. In this uniqueness, we find the most value. Come join us!