Maker is a smart contract platform on Ethereum that backs and stabilizes the value of the Dai stablecoin through a dynamic system of Collateralized Debt Positions (CDPs), autonomous feedback mechanisms, and appropriately incentivized external actors. It is a decentralized infrastructure without a central operator.
It is one of the oldest Ethereum projects with very experienced technical team of blockchain developers. We believe in a future that leverages the power of decentralization for trustless transactions. With Maker, we are carrying out our vision of creating a decentralized stablecoin that will unlock unique benefits of a complete financial ecosystem on the blockchain, and democratize financial inclusion.
We form our teams around availability of talent into co-located or distributed agile teams. In the techops team, you will work together with our chief techops/devops engineer to help define, implement, and maintain security strategy and policies across the decentralized Maker organization.
We have offices in Copenhagen, Warsaw, London, Buenos Aires, San Francisco, New York, and Singapore, but it is also possible to work remotely in this position. The responsibilities sometimes require working evenings and weekends, sometimes with little advance notice. No regular travel is required.
- Help define a coherent security strategy for a decentralized organization within the blockchain industry, consulting relevant stakeholders in the process.
- Help define practical security policies based on strategy, combining a flexible work environment with high-security requirements.
- Creating and maintaining information, infrastructure, and blockchain assets inventories. Inventory management with enforcement of the right security policies based on risk classification.
- Capturing, assessing, and categorizing the security risks of current working practices within Maker.
- Prioritizing changes to existing security practices to gradually improve these practices in the organization.
- Manage and follow up on the implementation of these improvements.
- Organizing and participating in incident response procedures within the techops team. Performing post-mortem and forensics analyses where necessary.
- Setting up monitoring and notification mechanisms for the detection of security vulnerabilities and breaches.
- Setting up and managing periodic security audits.
- Clearly communicate with the development teams and other teams within Maker about changing policies and address any related user concerns.
- Coaching, training, and knowledge sharing where necessary to improve awareness and understanding of security risks and practices within the organization.
- Understanding security and blockchain industry best practices and apply to the context of the Maker decentralized organization.
- Staying up-to-date with the latest news regarding industry security vulnerabilities and fixes. Applying security patches and upgrades across the organization in a timely manner. Paying special attention to blockchain-specific vulnerabilities.
- Identify in-house blind spots and knowledge gaps. Select, consult, and work with subcontractors where necessary for the safe operation of the Maker data & infrastructure.
- Experience with the following or equivalent technologies & practices is an essential part of your skill set:
- Proven work experience as a system security engineer or information security engineer
- Good knowledge of OWASP security principles and top vulnerabilities, methods to test for them and to remediate
- Advanced Linux and shell scripting. Familiar with firewall concepts and intrusion prevention software (iptables, fail2ban)
- Knowledge and experience with network and security protocols – HTTP and HTTPS, TLS/SSL, SSH, IPSec. Familiar with packet analyzer tools (Wireshark) and port scanners such as nmap.
- Proven experience in DDoS attacks mitigation / realtime protection; MiTM attacks prevention; email spoofing prevention
- Familiar with cloud providers (AWS, Digital Ocean) and their security assessment tools
- Knowledge of Content Delivery Networks (Cloudflare, Amazon CloudFront).
- Experienced in both SQL / NoSQL databases (PostgreSQL, RethinkDB, MongoDB) and best security practices (data encryption at rest and in transit)
- Experienced in securing web apps and familiar with web vulnerability scanners
- Experienced in securing mobile apps
- Familiar with Docker architecture and security best practices
- Basic programming skills
- Git / GitHub knowledge
- JIRA, Confluence experience
- Experience working in distributed agile teams and using online collaboration tools