Director, Information Security

at DFINITY Foundation
Location Palo Alto, CA, United States
Date Posted August 28, 2019
Category Customer or Business Operations Support
Job Type Office · Full time

Description

We are looking for a Cyber / Information Security expert to be our first dedicated security hire at DFINITY. You will be responsible for building out security controls and detection and response, and for the day-to-day management of global security operations. As the first security hire, this will be a key leadership role as we create a security-conscious culture and ensure we are building an effective security program.

Responsibilities:

  • Build DFINITY’s InfoSec program and partner with vendors, internal IT and DevOps teams, and business stakeholders.
  • Participate in creating a risk-based approach to develop a strategic roadmap that prioritizes efforts including DevOps/AppSec, Network Security, Identity and Access Management, Endpoint Protection, Logging, and Detection & Response
  • Build/deploy/maintain security controls, instrumentation and detection infrastructure
  • Conduct security risk assessments and penetration testing, and monitor security vulnerabilities and threats
  • Automate the investigation and remediation of security events
  • Conduct in-depth research on attacker profiles and infrastructure to better predict and prevent future attacks
  • Establish appropriate standards, direct implementation, and identify and respond to information- and security-related incidents
  • Oversee the creation of the SOC, SIEM and Vulnerability Management technology roadmap(s)
  • Develop incident run books and performance measures / key indicators
  • Create and define SLA response time for incidents and services
  • Create a logging pipeline for the automated review of risk factors and automated mitigation steps
  • Manage and review DFINITY’s Endpoint Protection posture to ensure we are enabled to detect, contain, and mitigate any Zero Days, APTs, Malware or data loss
  • Partner with DevOps to implement a secure code repository and review process; ensure the security of secrets and keys
  • Implement 3rd party reviews to ensure product security, including red teams and bug bounties

Required skills and qualifications

  • Significant experience in building a cyber information security program
  • Ability to identify security threats, detect incidents, and conduct incident response
  • Extensive experience securing and testing AWS services including the creation of immutable infrastructures and infrastructure-as-code environments
  • Experience with executing incident response in virtual and containerized environments
  • Experience conducting research on threat actors and their methodologies
  • Experience mitigating DDoS attacks
  • Experience building out a SOC
  • Experience securing credentials, keys and other secrets