The NEAR project is unlike anything else out there -- it combines the collaborative community of an open-source project with aspects of developer platforms like Heroku or AWS. This provides a unique opportunity for a security leader: you will not just help the NEAR Foundation to build and support its internal operations, but you will be a vital part of ensuring that the entire ecosystem around the NEAR project is robust and secure. In that way, you have the opportunity to work on security for an org under continuous threat plus get your hands on code and provide direct security audit and advisory services for the NEAR platform and its critical applications as well.
About NEAR and the NEAR Collective
NEAR's purpose is to enable community-driven innovation to benefit people around the world and its mission is to accelerate the adoption of Open Technologies. The NEAR platform, which launched in 2020, provides a decentralized application platform that is secure enough to manage high value assets like money or identity and performant enough to make them useful for everyday people, putting the power of Open Finance and the Open Web in their hands.
The NEAR platform, NEAR Protocol, and associated tooling are being built by the NEAR Collective, a collection of the best engineers in the world who work across teams, companies and countries similar to other large scale open source projects. Core contributors include multiple ICPC/Google Code Jam/Topcoder world champions and medalists as well as people with extensive FAANG and blockchain experience.
About the NEAR Foundation
The NEAR Foundation is a nonprofit, non-beneficiary foundation based in Switzerland which supports community-driven innovation and the Open Web with a specific focus on the NEAR platform. The Foundation distributes grant funding into the NEAR ecosystem, coordinates governance among participants, educates people about the protocol and ensures that relationships among the community members are as strong and sustainable as the apps they build. It seeks to combine the inclusive care of a community-driven NGO with the at-scale effectiveness of a Silicon Valley startup.
As the NEAR Foundation's Head of Security, you wear a substantial number of hats. This position reports to the CEO but interacts heavily with the technical leaders and founders of the NEAR project. Security team’s goals are the following:
Maximize the safe use of the NEAR tech stack and maintain the freedom to operate;
Protect NEAR’s users and partners while maintaining great user and developer experience;
Protect the organization while sustaining contributor engagement and morale;
Ensure security objectives are sufficient to mitigate evolving risks - achieve those objectives by embedding security into the operations and engineering lifecycle of the organization.
As a Head of Security, you will do the following:
- Build a great security team ensuring every role/hire reflects the above goals;
- Work with core protocol engineering teams to continuously improve security of NEAR’s core tech stack;
- Advise companies across NEAR Ecosystem around security and engineering processes;
- Resilience and Recovery: establish resiliency practices to ensure failures of any sort are managed well, including a rigorous process for incident and close-call analysis to apply lessons learnt;
- Establish a rigorous process of continuous control monitoring to assure ongoing implementation of controls to meet security objectives and, additionally, to ensure adherence to chosen audit frameworks (for example, SOC2);
- Systematically integrate security objectives into operations and engineering processes;
- Define Key Risk and Performance Indicators that encode security goals. Constantly adjust these goals to reflect the organization's needs. Make sure they are aligned with engineering goals.
- Deep technical skills and preferably experience dealing with threats from state-level actors;
- Familiarity with blockchain and open source communities. You will help us create a developer-friendly and welcoming community;
- Expertise in hiring and managing a team of security specialists;
- You should be able to work across other teams like Engineering, Legal, Compliance, Marketing with a shared sense of purpose. No room for ego here. People should want to work with you. Interpersonal skills are a must;
- While you should be relentlessly resourceful about securing Foundation, contributors and Ecosystem as the whole, you should be also very comfortable in dealing with degrees of risk not absolutes;
- You should be a great communicator and remain calm under pressure during any potential incidents or juggling multiple priorities. You should run toward problems. Calm, practical, self-aware and self-confident approach to assessing and interacting with people.
This is a full-time, remote position with the NEAR Foundation (which is based in Zug, Switzerland). Preference will be given for candidates located in Switzerland or Germany or who can move without visa support but the position is remote and open globally.