Who We Are
The Solana Foundation is dedicated to the adoption, decentralization, and security of the Solana network. Our mission is to help support and grow the Solana network and its community while driving mass adoption for blockchain. The Solana Foundation is working to realize a world where individuals own their data, use permissionless networks, and transfer information freely around the world.
About the Role
As Solana Foundation’s Head of Security, you will own the design and implementation of a comprehensive security strategy and internal controls to ensure the Solana Foundation’s data, processes and assets are secure according to best practices of both the existing IT industry and the unique and evolving security landscape in the crypto industry.
This person will be a key member of the Solana Foundation team, reporting to the Executive Director. You will be a strategic partner in building a best-in-class security program – owning initiatives of security governance, risk, operations, digital asset security, threat response and regulatory compliance. In navigating this space, the best candidates will retain a sense of practicality about their work and be able to evaluate whether a security system is serving a function or is merely security theater.
As the Solana Foundation exists to serve the broader Solana community, the Head of Security will stay abreast of the latest security practices, tools and vulnerabilities in the industry and work with the relevant teams to communicate and provide appropriate guidance to the Solana community.
In this role, you will:
- Design, implement and enforce a comprehensive security strategy across all business areas of Solana Foundation
- Perform internal audits and risk assessments on a continuous basis across all disciplines in order to properly assess the program maturity and areas of imminent risk needing immediate improvements.
- Own all Corporate Security functions including but not limited to corporate device security, access management and wireless security across physical offices.
- Define destination-appropriate policies for employee work travel. The Solana Foundation team routinely travels to events large and small all over the world. Provide proactive guidance before travel, and provide a process for immediate responsive or forensic actions as necessary.
- Define processes for detection, alerting and response of relevant personnel in the event of a security incident
- Manage expense and capital budgets for security investments
- Engage with industry peers to stay informed about the latest practices for individual, corporate and financial security in the crypto space.
- Engage in IT-ISAC, Crypto-ISAC and other relevant security industry working groups for information sharing of threat assessment, prevention and response coordination.
- Work with technical experts in protocol and smart contract security to ensure adequate resources are allocated to the security of the Solana network.
- In collaboration with internal and external teams, define and advocate for more mature security practices and guidance across the broader Solana ecosystem.
- Bachelor's in Computer Science, Information Security, Information Management Systems, or related field
- 12+ years of experience in relevant hands-on executing positions in Information Security, IT, and Engineering – preferably in innovative environments including crypto or fintech
- 4+ years in leadership roles within enterprise security (IT, network, systems, application & cloud security)
- Experience in conducting audits and implementing different controls
- Hands-on experience in maintaining and implementing information security compliance and security engineering
- Willingness to get your hands dirty. This is both a strategy-setting and direct execution role.
- Strong knowledge of human-centric security design practices and modern zero-trust security architecture.
- Deep understanding of the unique security challenges encountered in the cryptocurrency industry
- Strong written and verbal communication skills and ability to effectively interface with both technical staff and leadership
- Empathy for users and engineers who are not used to operating in secure environments
- Knowledge of SOC 1, SOC 2 & ISO 27001 compliance is helpful but not essential. We require results, not certifications.