Who we are:
PolySign is a startup in downtown Oakland working on institutional custody for cryptocurrencies. Cryptocurrencies are an exciting emerging market, but the lack of institutional-grade custody solutions is a major obstacle in the way of mainstream adoption. As a member of a small, world-class technical team, you can have a huge impact on our solution and the success of cryptocurrencies.
PolySign is co-founded by Arthur Britto, a co-founder of Ripple, a recognized leader in payments technology.
What you'll do:
As the senior security architect, you'll own the overall security of the PolySign platform. You will oversee security aspects of the platform for other development teams, including DevOps, front end, back end, and mobile. You will engage in extensive threat modeling, lead security reviews of both architecture and code, and organize penetration testing. You will document the security aspects of our system for both internal and external consumption, and set up security protocols that protect our systems on an ongoing basis.
You will also have the responsibility to train other engineering members on security topics and skills, as well as help shape the engineering culture of the team as it grows.
- 5+ years of experience in information security
- Extensive experience with threat modeling and security testing
- Experience reviewing code from a security perspective, ideally with Python and C
- Our technical space spans many protocols, languages, and frameworks. Competency in at least one of the following is a prerequisite:
  - Experience with cloud security, specifically AWS
  - Docker and Kubernetes security
  - Mobile security, both iOS and Android
  - Understanding of blockchains, cryptocurrency, and related technologies
  - Experience with both offensive and defensive security coding
  - Experience with HSMs and certificate management
Nice To Haves:
- Experience in compliance with cybersecurity regulations, policy development and management
- Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc.
- Excellent skills in data governance, risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology
- Ability to develop and implement appropriate processes to achieve and maintain compliance
- CISSP/CISA/CISM certification