Help define a coherent security strategy for a decentralized organization within the blockchain industry, consulting relevant stakeholders in the process.
Help define practical security policies based on strategy, combining a flexible work environment with high-security requirements.
Creating and maintaining information, infrastructure, and blockchain assets inventories. Inventory management with enforcement of the right security policies based on risk classification.
Capturing, assessing, and categorizing the security risks of current working practices within Maker.
Prioritizing changes to existing security practices to gradually improve these practices in the organization.
Manage and follow up on the implementation of these improvements.
Organizing and participating in incident response procedures within the techops team. Performing post-mortem and forensics analyses where necessary.
Setting up monitoring and notification mechanisms for the detection of security vulnerabilities and breaches.
Setting up and managing periodic security audits.
Clearly communicate with the development teams and other teams within Maker about changing policies and address any related user concerns.
Coaching, training, and knowledge sharing where necessary to improve awareness and understanding of security risks and practices within the organization.
Understanding security and blockchain industry best practices and apply to the context of the Maker decentralized organization.
Staying up-to-date with the latest news regarding industry security vulnerabilities and fixes. Applying security patches and upgrades across the organization in a timely manner. Paying special attention to blockchain-specific vulnerabilities.
Identify in-house blind spots and knowledge gaps. Select, consult, and work with subcontractors where necessary for the safe operation of the Maker data & infrastructure.
Experience with the following or equivalent technologies & practices is an essential part of your skill set:
Proven work experience as a system security engineer or information security engineer
Good knowledge of OWASP security principles and top vulnerabilities, methods to test for them and to remediate
Advanced Linux and shell scripting. Familiar with firewall concepts and intrusion prevention software (iptables, fail2ban)
Knowledge and experience with network and security protocols - HTTP and HTTPS, TLS/SSL, SSH, IPSec. Familiar with packet analyzer tools (Wireshark) and port scanners such as nmap.