Мэтч & Сопровод
Покажет вашу совместимость и напишет письмо
Описание вакансии
Head of Security
Company
Compound Finance
Conditions
5 days agoHead Anywhere Remote Full Time Cybersecurity Jobs by Compound Finance
Compound Finance Compound Finance is a decentralized finance (DeFi) protocol that provides a global market for capital, enabling users to earn yield on deposited assets and borrow against crypto collateral. It serves crypto asset holders and DeFi users seeking to earn yield, access liquidity, or borrow against established digital assets like ETH, WBTC, and stablecoins. Distributed Projects Compound V3 Decentralised Borrowing & Lending About Compound Finance Compound is a DeFi lending and borrowing protocol that allows users to deposit crypto assets to earn market-driven yield with instant withdrawals, and to borrow against curated collateral assets at competitive rates with instant liquidity. Loans are backed by excess collateral to reduce lending risk. The protocol has facilitated over $480B in total deposits and loans and $57B in all-time loans over more than six years of operation. Security is a core focus, with independent audits, comprehensive testing, continuous security reviews, and a bug bounty program backed by Immunefi offering rewards up to $1M. The Compound Foundation supports the long-term growth of the ecosystem through strategic planning, ecosystem development, partnerships, governance coordination, and community engagement, alongside teams focused on risk & capital management, engineering, and protocol security. View jobs by Compound Finance
Skills
Access Management Audit Blockchain Infrastructure Bug Bounty Ci/Cd Cloud Security Code Review Custody Defi Endpoint Security Formal Verification Github Identity Management Incident Response Infrastructure Security Key Management Multi-Sig Operational Security Protocol Security Secrets Management Secure Sdlc Smart Contract Security Threat Modeling Vendor Management Vulnerability Management
About the Role
You will own the Foundation's security posture across protocol development, infrastructure, tooling, access, custody interfaces, vendor risk and incident readiness. You'll work closely with the COO, CTO, Head of Product, engineering leads, external auditors, bug bounty providers, ecosystem contributors and governance stakeholders to keep the protocol and ecosystem secure as v4 expands into new markets, assets and institutional integrations. You'll operate at both strategic and hands-on levels across smart contract security, infrastructure security, incident response, vendor management and operational security.
Requirements
- 8+ years security experience, including hands-on security engineering, application security or infrastructure security, with demonstrated end-to-end ownership of a security function
- Direct crypto, DeFi, smart contract, blockchain infrastructure or protocol security experience
- Strong understanding of smart contract audits, vulnerability management, bug bounties and secure deployment practices
- Experience hardening cloud, GitHub, CI/CD, identity, access, secrets management and endpoint environments
- Experience leading incident response for high-severity technical or security events
- Ability to operate as both security strategist and hands-on builder in a small team
- Traditional finance or other critical financial infrastructure experience is desirable but not required
Responsibilities
- Own the Foundation security program across protocol, infrastructure, applications, internal tools, vendors and access controls
- Support protocol and ecosystem security by coordinating secure development practices, audit processes, vulnerability handling, contributor guidance and incident response readiness
- Manage and coordinate with Compound's security service providers, including audit firms, formal verification specialists and incident response providers
- Partner with CTO and engineering team on secure architecture, secure SDLC, code review and deployment practices
- Implement incident response procedures for vulnerabilities, exploits, access compromise, vendor compromise and operational security events
- Harden identity, access management, secrets, GitHub, cloud, CI/CD, endpoint and offboarding practices
- Support wallet, multi-sig, key management and custody security standards in partnership with Finance/Treasury and Risk
- Evaluate security vendors, auditors, bug bounty platforms and external experts
- Produce short, decision-ready security updates for leadership; escalate material issues or launch blockers quickly
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →
Текст вакансии взят без изменений