SecOps Contributor (Security Integration)

TL;DR

SecOps Contributor (Security Integration): Integrating security into development processes for the Lido Protocol and related applications with an accent on incident response planning, vulnerability assessments, and embedding security tools into the development pipeline. Focus on conducting security investigations and communicating security practices effectively to both technical and non-technical stakeholders.

Location: Worldwide

Company

Security-focused contributor role supporting a DAO in integrating security into development and incident management.

What you will do

• Develop secure systems and define processes, systems, and applications to make attacks difficult to execute and easy to detect.
• Embed security practices and tools into the development pipeline.
• Develop and maintain incident response plans and playbooks; lead or participate in incident response activities (investigation, containment, eradication, recovery).
• Perform regular vulnerability assessments and penetration testing; monitor security alerts and incidents.
• Collaborate with development and operations teams to incorporate security from design through deployment and maintenance.
• Provide training and support on security tools and techniques, emphasizing communication, negotiation, and influence.

Requirements

• Experience with technical security assessments, code audits, design reviews, and vulnerability research.
• Proficiency in programming languages: Python, Golang, JavaScript, Bash.
• Experience with security tools and technologies: SIEM, IDS/IPS, vulnerability scanners, automated security testing.
• Excellent communication skills to explain security concepts to technical and non-technical stakeholders.
• Strong problem-solving skills for security investigations and risk assessments.
• English: B2+.

Nice to have

• Experience with blockchain technologies, Ethereum-based networks, web3 bug hunting, and contract analysis.
• Familiarity with DevOps practices and tools: Docker, Kubernetes, GitHub Actions, Git, Ansible, Terraform.
• Experience analyzing and preventing supply chain attacks.
• Focus on improving real-world security rather than compliance.

Culture & Benefits

• Contribute from anywhere in the world.
• Competitive compensation level.
• Flexible schedule.
• Compensation for education, including language and professional growth courses.
• Equipment and co-working reimbursement program.

Hiring process

• Interviews to evaluate security assessment, incident response, and communication skills.
• Discussion of relevant experience with security tools, vulnerability research, and secure development practices.