OpenSea is the first and largest marketplace for non-fungible tokens, or NFTs. Applications for NFTs include collectibles, gaming items, domain names, digital art, and many other items backed by a blockchain. OpenSea is an open, inclusive web3 platform, where individuals can come to explore NFTs and connect with each other to purchase and sell NFTs. At OpenSea, we're excited about building a platform that supports a brand new economy based on true digital ownership and are proud to be recognized as Y Combinator's #4 ranked top private company.
When hiring candidates, we look for signals that a candidate will thrive in our culture, where we default to trust, embrace feedback, grow rapidly, and love our work. We also know how critical it is to celebrate and support our differences. Employing a team rich in diverse thoughts, experiences and opinions enables our employees, our product and our community to flourish. We are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. To help facilitate this, we support remote, hybrid or onsite work in New York City, San Francisco or Silicon Valley for the majority of our opportunities.
We are looking for a Security Program Manager who will drive our vulnerability management program and security initiatives across product, engineering, and business enablement. As the first security program manager, you will establish the foundation on which the security team and company will build. Below is a list of high-level programs where we are looking for a senior program manager to step in and drive immediately. Each program has significant depth when fully built out, and more security-focused programs will need to be created over time.
- Lead the Vulnerability Management Program by accelerating and improving the quality of the findings through our public bug bounty program, third-party pentests, and internal red teaming. Then ensure timely and accurate triage of findings by partnering with the Application Security Engineering group. Ultimately, drive remediation of identified vulnerabilities across the organization, from incident response for critical findings to backlog management for low-severity findings.
- Improve the security incident management process and lead incident command for active security incidents in order to reduce the active time of exposure and ensure we do not have repeat incidents.
- Partner with the InfraSec team to drive the Vendor Security Audit Program to ensure proper awareness of the risk exposure of vendors.
- Partner with the AppSec team to drive Product Security Reviews to enable high-velocity product teams to build secure-by-design products.
- Manage our threat intelligence gathering (both physical and cyber) to ensure the team and company make decisions with proper awareness of the threat landscape.
- Provide insight and suggestions to steer the security roadmap.
The base salary for this full-time position, which spans multiple internal levels depending on qualifications, ranges between $170,000 and $285,000 plus benefits & equity.