About The Company

Founded in 2015, OpenZeppelin is the premier crypto cybersecurity technology and services company, trusted by the most used DeFi and NFT projects in the world.

Our mission is to protect the open economy, safeguarding tens of billions of dollars in funds for leading crypto organizations including Aave, Coinbase, Compound, Ethereum Foundation, TheGraph and many others.

The OpenZeppelin team, spread across 30+ countries in the world, is responsible for creating the most popular Open Source Library for Smart Contract development in the world with over 15 million downloads! The expertise we've built along the years allowed us to uncover major security vulnerabilities for some of the most well known players in the market.

With the success of our products, our security audit work, and the open source educational efforts, we are setting the industry standards for secure systems of a hyper-fast-growing industry and we're looking for more folks to help us on our mission.

Job Short Description

The IT & Security team

The IT & Security team at OpenZeppelin is responsible for the planning, execution, and delivery of the IT & Information Security Program that supports OpenZeppelin processes, technologies, products, and customers. The team manages the company’s IT and Security Operations, leads Governance Risk and Compliance initiatives, and supports Product Security activities and processes, led by the Head of IT & Security.

What you'll be doing

• Create and maintain IT and cloud security policies.
• Guide the DevOps team to implement cloud security and compliance controls.
• Partner with development teams to design, implement and enhance security best practices in the SDLC and change management processes.
• Work alongside other security team members to implement and maintain company-wide security best practices of all IT infrastructure including applications and endpoints devices.
• Support systems access provisioning and deprovisioning as well as onboarding and offboarding activities.
• Execute internal IT risk assessments and support the remediation of the findings.
• Execute third-party risk assessments.
• Assist with SOC 2 internal audits.
• Review periodically the security configurations of our systems.
• Learn new concepts, skills, and technologies to propose and implement new IT and security solutions.
• Assist with IT and security requests.

You have: 

• 3 to 5 years of IT security and cloud security experience.
• Experience designing and implementing IT security controls in general and in AWS cloud in particular.
• Experience with automating processes and/or security controls.
• Experience with DevOps, DevSecOps, and Agile methodologies.
• Proven experience building productive relationships with internal teams and partners.
• Curiosity and research skills to find IT and security solutions for our business needs.
• Excellent verbal and written communication skills to effectively exchange ideas and information with other teams and to provide assistance for IT and security matters.

Nice to have

• Knowledge of or exposure to SOC 2 Type 2 reports and audit processes, ISO/IEC 27001, NIST 800-53, NIST Cybersecurity Framework, CIS controls or equivalent.
• Previous experience with Disaster Recovery Planning and Incident Response.
• Understanding of APIs and how to develop automation utilizing API functionality of tools and solutions.
• Previous experience managing Google Workspace environments.
• Security certifications, such as CISSP, CISM, or GIAC certifications.
• Exposure to Blockchain / Web3 technologies and infrastructure.

Logistics

Our interview process takes place on Zoom and tends to consist of the following stages:

• Recruiter call (45 minutes)
• Hiring Manager call (45 minutes)
• Team member interview (1 hour)
• Leadership call (30 minutes)
• Paid work test
• Reference checks

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.

Benefits

• Unlimited holidays 🏝
• Fully remote: your way of working 🌎
• Paid parental leave & benefits for primary or second caregiver 💙
• Team events: onboarding tour & company retreats in different locations around the world 😎
• Work from home office equipment stipend of up to $500 USD 🪑
• Monthly allowance for wellness activities 💪
• Coworking: access to a coworking space of your choice 👩‍💻
• Learning: technical training; spoken language lessons in any language of your choice (using Italki) 🗣
• Working with a global team in a fast-growing industry 🚀

At OpenZeppelin, we are an equal opportunity employer and we value different perspectives. We are committed to building a diverse workforce. This includes but is not limited to gender, race, sexual orientation, religion, national origin and other characteristics that make each one of us unique. In this uniqueness, we find the most value. Come join us!