< Back to results

Technical Senior Security Program Manager


OpenSea Jobs / Worldwide - Remote / Technical Services
Job Overview

OpenSea is the first and largest marketplace for non-fungible tokens, or NFTs. Applications for NFTs include collectibles, gaming items, domain names, digital art, and many other items backed by a blockchain. OpenSea is an open, inclusive web3 platform, where individuals can come to explore NFTs and connect with each other to purchase and sell NFTs. At OpenSea, we're excited about building a platform that supports a brand new economy based on true digital ownership and are proud to be recognized as Y Combinator's #4 ranked top private company.


When hiring candidates, we look for signals that a candidate will thrive in our culture, where we default to trust, embrace feedback, grow rapidly, and love our work. We also know how critical it is to celebrate and support our differences. Employing a team rich in diverse thoughts, experiences and opinions enables our employees, our product and our community to flourish. We are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. To help facilitate this, we support remote, hybrid or onsite work at either New York City, San Francisco or the Silicon Valley for the majority of our opportunities.

We are looking for a Security Program Manager that will drive our vulnerability management program and security initiatives across product, engineering, and business enablement. As the first security program manager, you will establish the foundation in which the security team and company will build on top of. Below is a list of high level programs where we are looking for a senior program manager to step in and drive immediately. Each program has significant depth when fully built out and more security focused programs will need to be created over time.

Responsibilities

  • Lead the Vulnerability Management Program by accelerating and improving the quality of the findings through our public bug bounty program, third party pentests, and internal red teaming. Then ensure timely and accurate triage of findings by partnering with the Application Security Engineering group. Ultimately driving to remediation of identified vulnerabilities across the organization from incident response for critical findings to backlog management for low severity findings
  • Improve the security incident management process and incident command active security incidents in order to reduce the active time of exposure and ensure we do not have repeat incidents.
  • Partner with the InfraSec team to drive the Vendor Security Audit Program to ensure proper awareness of risk exposure of vendors
  • Partner with the AppSec team to drive Product Security Reviews to enable high velocity product teams to build secure by design products
  • Manage our threat intelligence gathering (both physical and cyber) to ensure the team and company make decisions with proper awareness of the threat landscape.
  • Provide insight and suggestions to steer the security roadmap

Desired Experience

  • Strong program management skills in both designing programs and facilitating them
  • Influence and affect change in cross functional collaborators in order to successfully complete tasks within required timelines.
  • Prioritize effectively and multitask efficiently
  • Understanding of common styles of vulnerabilities and how they apply various systems
  • Risk analysis and risk based decision making skills
  • Excellent written and verbal communication skills as you’ll be communicating publicly with researchers and partners.

  • If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone who is excited to join the team.
The base salary for this full-time position, which spans across multiple internal levels depending on qualifications, ranges between $170,000 - $285,000 plus benefits & equity.

More Jobs at OpenSea


OpenSea Overview

At OpenSea, we're excited about a brand new type of digital good called a non-fungible token, or NFT. NFTs have exciting new properties: they’re unique, provably scarce, tradeable, and usable across multiple applications. Just like physical goods, you can do whatever you want with them! You could throw them in the trash, gift them to a friend across the world, or go sell them on an open marketplace. But unlike physical goods, they're armed with all the programmability of digital goods.

Website Twitter LinkedIn Job Archive


Visit OpenSea Careers Page (opens new tab)
OpenSea Jobs by Location

Check below to see all of the open OpenSea jobs organised by office location.

New York (4)

San Francisco (1)

US - Remote (4)

Worldwide - Remote (8)

OpenSea Jobs by Team

Check below to see all of the open OpenSea jobs organised by team.

Compliance (3)

Engineering & Modelling (9)

Finance & Accounting (2)

Marketing & Communications (1)

Product & Design (1)

Technical Services (1)


Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: `GET https://api.twitter.com/2/users/by/username/opensea` resulted in a `429 Too Many Requests` response: {"title":"Too Many Requests","detail":"Too Many Requests","type":"about:blank","status":429} in /home/rzs3wdhqozru/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113 Stack trace: #0 /home/rzs3wdhqozru/vendor/guzzlehttp/guzzle/src/Middleware.php(69): GuzzleHttp\Exception\RequestException::create() #1 /home/rzs3wdhqozru/vendor/guzzlehttp/promises/src/Promise.php(204): GuzzleHttp\Middleware::GuzzleHttp\{closure}() #2 /home/rzs3wdhqozru/vendor/guzzlehttp/promises/src/Promise.php(153): GuzzleHttp\Promise\Promise::callHandler() #3 /home/rzs3wdhqozru/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}() #4 /home/rzs3wdhqozru/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\Promise\TaskQueue->run() #5 /home/rzs3wdhqozru/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\Promise\Promise->invokeWaitFn() #6 /home/rzs3wdhqozru/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending() #7 /home/rzs3wdhqozru/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList() #8 /home/rzs3wdhqozru/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending() #9 /home/rzs3wdhqozru/vendor/guzzlehttp/guzzle/src/Client.php(187): GuzzleHttp\Promise\Promise->wait() #10 /home/rzs3wdhqozru/vendor/coderjerk/bird-elephant/src/Request.php(78): GuzzleHttp\Client->request() #11 /home/rzs3wdhqozru/vendor/coderjerk/bird-elephant/src/Users/UserLookup.php(73): Coderjerk\BirdElephant\Request->bearerTokenRequest() #12 /home/rzs3wdhqozru/vendor/coderjerk/bird-elephant/src/Users/UserLookup.php(85): Coderjerk\BirdElephant\Users\UserLookup->getSingleUserByUsername() #13 /home/rzs3wdhqozru/vendor/coderjerk/bird-elephant/src/ApiBase.php(75): Coderjerk\BirdElephant\Users\UserLookup->getUserIdFromUsername() #14 /home/rzs3wdhqozru/vendor/coderjerk/bird-elephant/src/Tweets/Timeline.php(70): Coderjerk\BirdElephant\ApiBase->getUserId() #15 /home/rzs3wdhqozru/vendor/coderjerk/bird-elephant/src/Tweets/Timeline.php(43): Coderjerk\BirdElephant\Tweets\Timeline->getTimeline() #16 /home/rzs3wdhqozru/vendor/coderjerk/bird-elephant/src/User.php(263): Coderjerk\BirdElephant\Tweets\Timeline->getTweets() #17 /home/rzs3wdhqozru/public_html/aa-sites/cryptojobs.co/modules/twitter.php(23): Coderjerk\BirdElephant\User->tweets() #18 /home/rzs3wdhqozru/public_html/aa-sites/cryptojobs.co/job.php(305): include('/home/rzs3wdhqo...') #19 {main} thrown in /home/rzs3wdhqozru/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113