Company Overview
Our mission at Electric Coin Co. is to empower economic freedom, and to that end, we created and launched the Zcash digital currency in 2016. Today — along with other independent teams and developers — we continue to support the Zcash community through product development, awareness and adoption, and cutting-edge research initiatives. Electric Coin Company also engages in a variety of media and social media channels to communicate with a wide audience, educate, maintain transparency, and broadcast our message to the world.
Job Responsibilities
Zcash and ECC have an enviable reputation for security assurance and for the thoroughness of our responses to past security issues. But as Zcash’s market cap increases, so do the risks and potential attention from adversaries.
We are seeking a Director of Security to take responsibility for overseeing and improving the following processes within ECC:
- Working with the team leaders and engineers to maintain and further improve the high standards of security and resilience that ECC and Zcash’s protocols and software have come to be known for.
- Administering and improving the security incident response process within ECC. You will be responsible for managing effective, quick, and thorough responses to security vulnerabilities discovered in our software, supply chains, and infrastructure, interacting with external security researchers who may have found vulnerabilities and representatives of other projects that may be affected. This includes ensuring that staff are familiar with the security incident response process.
- Communicating security flaws and their mitigations — with precision, timeliness, actionable information, and the appropriate degree of reassurance — to the Zcash and wider cryptocurrency and infosec communities. You will choose whether and how to respond to instances of misinformation about Zcash’s security properties.
- Building and maintaining our relationships with other projects that share Zcash technology, to improve on and surpass industry-standard security disclosure processes in the cryptocurrency space.
- Creating and managing relationships with external providers of security assessments. Working with the Director of Research and Assurance, you will find suitable external auditors for implementation and specification audits, schedule audits, provide auditors with the information they need to be most effective, critique and validate their work, and ensure that they are properly incentivized to provide value. You will expand on any themes arising from these assessments, continuously using the feedback to develop and advocate for appropriate security within the company.
- Helping ECC’s staff with advice and resources to secure their computing devices, and to respond to physical and virtual threats against their safety and that of their families, their wealth, and their other possessions. This includes responding to attacks against ECC staff for which the security incident response process may not be best suited.
- Onboarding new staff to relevant security procedures, ensuring that they are able to quickly get up and running with the permissions they need and the knowledge to use them securely. You will also administer offboarding processes to mitigate the risk of past employees’ and contractors’ access being misused.
- Directing the maintenance and acquisition of security-relevant infrastructure, devices, and software. You will be responsible for budgeting our security spend each year, taking into account the product and company roadmaps.
- Documenting and keeping track of security policy, and maintaining procedures to ensure that actual permissions match intended permissions, consistent with the principle of least privilege while also avoiding unnecessary obstacles to getting work done. You will directly assist and support in the secure use of cloud computing solutions in our infrastructure.
- Ensuring compliance with applicable security-related regulatory requirements, such as data protection law.
- Working with the Engineering Team and Q.A. lead on processes, techniques, and training to head off bugs before they happen. Overseeing the development of proactive mitigations and countermeasures to reduce the risks from software, protocol, infrastructure, and supply chain vulnerabilities.
- Collaborating with ECC’s Director of Research and Assurance to ensure that we use the most effective, up-to-date techniques to improve the assurance of our cryptographic code and to limit the leakage of information about user activities.
- In collaboration with the Director of Engineering and the Director of Research and Assurance, helping to prioritize security mitigations relative to other activities. This will include refining processes to reduce the resources spent on issues with no impact, or only trivial and well-understood impact.
- Reviewing the backlog of security issues that have been raised to determine whether each was properly resolved, or whether it should be re-prioritized.
- Helping to develop and maintain specifications to enhance, document, and support security analysis of the Zcash protocol, either led by ECC or in collaboration with third-party developers.
- Maintaining awareness of developments in the wider Zcash community, to ensure that ECC’s efforts are complementary to, and able to take advantage of, those developments.
- Recruiting and onboarding new top-tier talent to security-focused roles.
The Director of Security will work alongside the Director of Research and Assurance and the Director of Engineering. To clarify the boundaries of these roles:
- The Director of Security is primarily responsible for security incident response, and will also act as an internal adversarial party by attempting to discover flaws in Zcash specifications and the software that implements them.
- The Director of Research and Assurance is primarily responsible for ECC’s contributions to research, protocol design, specification, and long-term security assurance of the Zcash protocol.
- The Director of Engineering is primarily responsible for development of the Zashi and Zallet wallets and their supporting code in the Zcash core libraries, and also the allocation of ECC engineering resources when needed to improve third-party software such as the Zebrad consensus node and the Zaino chain indexer.