Director, DevSecOps

OUR VISION

In the new and exciting world of the decentralized internet, otherwise known as Web3, it is an individual’s fundamental right to own and control their digital identity. To ensure that the individual is paramount in Web3, we are developing a suite of applications to enable everyone to safely engage, take part, and transact in the emerging, decentralized world of the internet. Our platform centers on Web3 Identity and leverages that identity to provide individuals with secure digital asset storage and recovery, access to decentralized finance, the ability to prove ownership of their creations, and gateways to digital interactions and experiences – all to empower and benefit every Web3 user.

We believe that the decentralized nature of Web3 creates an opportunity for everyone to challenge the digital status quo—to own and control their identity, data, finances, creations, and future. This is the chance to get it right – to rally a movement of individuals so Web3 belongs to everyone, not to trillion-dollar companies. To fulfill this vision, we are seeking dynamic people who want to join us in leading the way to this new world.

WHAT YOU WILL DO

As a key member of the Cyber/IT team with robust interaction across other functions – Product, Engineering and GRC – the DevSecOps Director will be critical to the realization of DevSecOps principles and best practices at Blockchains. The key responsibility of the role is to requite executive sponsorship for DevSecOps in Blockchains with strong communications, process and procedural alignment, KRI/KPI-driven decisioning and tight allocation of resources across functions to drive security and innovation, both at scale, in software engineering, builds and deployments. The ideal candidate has tactical or leadership skills in development and IT operations experience as well as demonstrable cybersecurity savvy –a security-first mindset – and is able to analyze issues, articulate solutions, coach/mentor responsibilities for key functional groups, and catalyze action to advance us on our journey to DevSecOps excellence.

Demonstrate thought and tactical leadership to advance Blockchains’ DevSecOps maturity:

• Bridge Product, Engineering and Cyber/IT teams‘ application-security (app-sec) initiatives – strategic, architectural, tooling and operational – including navigated refinements to policy, process, procedural, technical and other provisions.
  • Align cross-functionally on issues and direction, clearly communicated, and mobilize action across teams and per consensus on an action plan to ensure code and operational integrity.
  • Responsible for vulnerability management, and core contributor to exception and release management – and driver of applicable reporting across platforms and products.
  • Develop, define and sustain security standards and best practices around a zero-trust approach.
• Manage app-sec lifecycle of architecture, tooling and operations:
  • Work productively with Engineering and Cyber/IT teams to accelerate momentum for CI/CD pipeline automation – from tooling and governance (process, procedures and playbooks) perspectives – and motivate app-sec champions to own and drive adherence to standards. Serve as point of contact for product teams on all such matters.
  • Enable and champion constant refinement in DevSecOps practices, including automation of SAST, DAST, IAST, MAST along with threat modeling, code peer reviews, penetration testing, security remediation and security monitoring/incident response enablement.
• Manage cross-functional Cyber/IT, GRC and Engineering projects:
  • Evaluate risk of proposed action or of inaction, with cost/benefit analyses – may relate to new technologies, operational adjustments or apply to other scenarios.
  • Identify new tools or innovate on existing provisions, tooling or procedural, to drive new efficiencies and to augment impact of DevSecOps capacity and performance.
  • Identify and propose controls for risks, technical or operational, crafting appropriate governance apparatus for review, refinement and adoption by team(s) upon approval.
  • Coach so as to enable security champions and raise awareness – in peer-to-peer training, workshops or less structured initiatives – of DevSecOps principles and practices, and work with team members across functions to drive corresponding tactics.

WHAT YOU WILL NEED TO SUCCEED

Essential to success in this role is an uncommon mix of attributes: fact-based, logical, analytical; self-directed technical savvy and cross-team thought and plan-based leadership to evolve DevSecOps know-how and ensure adoption; ability to capture, assess and distill large amounts of information and to summarize their scope and significance; intuitive sense with capacity to form, test, affirm or deny hypotheses; exemplary interpersonal skills, effortless interaction and native partnering with different personality types across professional functions – business, legal, IT, cybersecurity, product design, application development to name a few – both inside and outside the organization; effective at getting things done under occasionally tight timeframes, with minimal supervision and a robust sense of humor.

YOUR EDUCATION AND EXPERIENCE

• Bachelor’s degree and relevant work experience
• 10+ years of software industry, IT operations and cybersecurity experience of which at least three in the prior five years have been in application-security or, preferably, DevSecOps
• Successfully served/demonstrated as the go-to-person to resolve and prevent security issues, deriving impactful solutions.

Blockchains, Inc. (“Blockchains”) is proud to be a diverse workforce, and we are committed to inclusion and diversity to ensure equal opportunity for all applicants. Blockchains provides equal employment opportunities to all employees and applicants regardless of race, color, religion, sex, sexual orientation, gender identity and/or expression, national origin, age, marital status, physical or mental disability, veteran status, or any other characteristic protected by federal, state, or local laws.

When you apply to a job on this site, the personal data contained in your application will be collected by Blockchains, Inc. (“Controller”), which is located at 610 Waltham Way, Sparks, NV 89437 and can be contacted by emailing [email protected]. Controller’s data protection officer is Edward O'Connor, who can be contacted at [email protected]. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at [email protected]. 

Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment.  Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.