Director of Security
About Filecoin Foundation
Filecoin Foundation (FF) is an independent organization that facilitates governance of the Filecoin network, funds critical development projects, supports the growth of the Filecoin ecosystem, and advocates for Filecoin and the decentralized web. In 2017, the creators of Filecoin envisioned that an independent Filecoin Foundation would serve as the long-term governance body for the Filecoin Ecosystem. They gave the Foundation the mandate to “grow an open ecosystem for decentralized storage” and to “give developers an open and sustainable platform to build, enhance and monetize those services.” They wanted the Foundation to be modeled on Foundations for other open source projects like the Apache Software Foundation, the Mozilla Foundation and the Linux Foundation. The Filecoin Foundation operates independently of Protocol Labs, the organization that designed and built the Filecoin network. As a member of our early-stage team, you will have the opportunity to help define our growth as the organization scales. At Filecoin Foundation, we are a fully remote organization and support a remote, collaborative, and inclusive working culture from anywhere in the world.
As Director of Security at Filecoin Foundation, you will be a key part in building and leading a team ensuring the security of the broader Filecoin Ecosystem by identifying and evaluating risks and vulnerabilities across the network. The Ecosystem includes the Filecoin open source protocol for decentralized network storage, its algorithmic market for network transactions, smart contracts using the Filecon Virtual Machine and third-party developers building on the network.You will take on the ownership of assessing the security requirements, technical needs and human capital needs to properly build, lead and grow the security team necessary to secure FF and the Ecosystem. Additionally, you will become deeply embedded in the broader community of people working on developing in the Filecoin Ecosystem, identifying areas for improvement and proactively developing initiatives and programs to improve the network. Some of these programs already exist (such as the Filecoin Bug Bounty and Security Audit Programs); others you will develop as you identify the need and opportunity. This role involves leading the security team within Filecoin Foundation and coordinating closely with the Ecosystem & EngRes Working Groups’ security initiatives, making communication and the ability to build trusting relationships critical.
If you are passionate about cybersecurity and a more decentralized internet, we want to talk to you! The ideal candidate is a technical leader capable of crafting technical strategy, an eye for great customer experiences, ability to engage with customers with deep empathy, passion for building remarkable products, and prior experience building and leading engineering teams for successful products/services. Come join us and help Filecoin Foundation lead the revolution!
- Assess, build and grow a security team at FF
- Build relationships with key stakeholders in the Filecoin Ecosystem and advocate for the needs of the community in order to drive continuous security improvements
- Work with internal and external partners to design programs and initiatives to mitigate security risks and increase security hardening throughout the Filecoin network
- Coordinate with security researchers and Filecoin protocol implementation teams to ensure the future security of the network
- Partner with the broader ecosystem to own the security product roadmap, design, development, testing, deployment and operations
- Effectively track, manage, and report on security-related requests and projects
- Triage response to vulnerability information and be an escalation path for security issues, concerns, and inquiries
- Manage security audits with external vendors to assess vulnerabilities
- Manage security programs, including bug bounty and emergency response, for the Filecoin network; oversee the team that runs these programs
- Structure and execute penetration testing, threat-simulation, security education, attack vector prevention, and best practice documentation
- Defining and delivering on industry-leading security technology initiatives that enables the foundation to solve complex security problems
- Work collaboratively with cross-functional teams to innovate, think big and collaborate with others as you work closely with teams across product/engineering, operations, social impact, governance, and security to solve challenging problems
- Experience leading security teams or security researchers, including leading a security team whose members have varied expertise to build and deploy information security solutions at scale
- Infosec experience, developing and enforcing org policies around permissioning, incident response, data avoidance/retention policies, and strong software engineering principles
- Deep experience with distributed networks and network security, working with infrastructure teams to assess their needs
- Deep experience collaborating closely with software engineers, from design to development to production support and developer education
- A firm grasp on open-source software development and an understanding of the challenges that these projects face
- Familiarity and experience working with the Open Source community, especially Apache, Mozilla and Linux, and the Infosec community, including working with security researchers and with bug bounty programs.
- Expertise hiring and interacting with auditors, pentesters, and experts outside your organization
- Ability to think strategically, seeing the big picture while also executing on the operations of the program
- Tactful communication and discretion about sensitive issues
- Strong organizational and problem solving skills and attention to detail
- Ability to balance time-sensitive priorities
- Ability to build trusting relationships with multiple stakeholders
- Ability to work independently with minimal oversight
- Passion for the decentralized web and information access
- Quick and avid learner – able to quickly process and synthesize information; curious and willing to roll up your sleeves and dive into unknown
- Proactive self-starter - able to take initiative to solve problems while knowing when to ask questions and leverage others; always thinking one step ahead
- Communicator – concise and strong communication skills, both verbal and written
- Collaborative – work well with anyone from analysts to senior leaders
- Unstructured problem solver – able to work in the gray with limited context, while identifying sustainable solutions to solve complex business issues
- Innovative – no limits mindset, creative and innovative solutions; constantly thinking about ways to improve current processes
- Detail-oriented and organized – rigorous project management and organization to drive to timelines and keep stakeholders aligned
The salary range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At Filecoin Foundation, total compensation includes base salary, FIL/Tokens and exceptional benefits and perks. A reasonable base salary estimate of the current range for this positions is $190,000 - $259,021.
Something looks off?