Head of Security

📋 Description

• • **Architect the Future of AI Security:** As the Head of Security at 0G, you will be instrumental in building and safeguarding the foundational infrastructure for a decentralized AI operating system. This is a unique opportunity to secure the very fabric of the decentralized AI economy, moving beyond traditional corporate security to encompass the intricate world of blockchain protocols and advanced AI systems.
• • **Own the Holistic Security Vision:** You will be responsible for the complete security architecture, from ensuring the cryptographic integrity of our Layer 1 protocol to maintaining the operational security of our global, remote workforce. This role demands a visionary leader who can anticipate threats and build robust defenses for a complex, hybrid threat landscape.
• • **Lead Compliance and Governance (GRC):** Design and execute a comprehensive 24-month security roadmap that aligns with 0G's ambitious trajectory from testnet to mainnet and beyond. You will spearhead the end-to-end preparation and audit processes for both SOC2 Type II and ISO 27001 certifications, defining scope, implementing controls, and managing relationships with external auditors. This includes leveraging cutting-edge AI tools, such as LLMs, to continuously analyze internal policies against evolving regulations like the EU AI Act and NIST AI RMF, automating evidence collection and enabling a state of continuous compliance rather than point-in-time adherence.
• • **Establish Robust Operational and Corporate Security (SecOps):** Implement and enforce a Zero-Trust Architecture by designing and mandating stringent Identity and Access Management (IAM) policies. This includes the mandatory use of hardware-based 2FA (YubiKey FIDO2) for all critical systems, including AWS, GitHub, and Google Workspace, ensuring a high level of access control.
• • **Secure a Global, Remote Workforce:** Develop and manage strategies to secure a fully remote, globally distributed team. This involves implementing and overseeing Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) solutions to maintain fleet-wide security hygiene without impeding developer productivity and velocity.
• • **Protect Intellectual Property and Sensitive Data:** Implement advanced controls to safeguard intellectual property and sensitive corporate data. You will utilize AI-driven solutions to detect anomalous data exfiltration behaviors and mitigate insider threats, ensuring the confidentiality and integrity of our most valuable assets.
• • **Oversee Product and Protocol Security:** Manage the entire lifecycle of smart contract security, including overseeing the external audit pipeline and fostering strong relationships with top-tier audit firms and bug bounty platforms like Immunefi. You will integrate security gates within the CI/CD pipeline using tools like Slither and Mythril to identify and rectify vulnerabilities before deployment.
• • **Guard the Crown Jewels:** Take ownership of the Key Management System (KMS), specifically managing the Multi-Party Computation (MPC) and Multi-Sig wallet infrastructure for both corporate treasury and critical protocol operational keys, such as bridges and upgrade proxies.
• • **Enhance Supply Chain Security:** Implement measures to secure the software supply chain, including the generation and management of Software Bill of Materials (SBOMs), to prevent injection attacks within our node software and dependencies.
• • **Pioneer AI-Native Defense (The Agentic SOC):** Build and manage an innovative 'Agentic SOC' where AI agents autonomously perform threat hunting, triage alerts, correlate logs across diverse platforms (blockchain and cloud), and propose remediation steps. This represents a paradigm shift in security operations, leveraging AI to create a self-defending enterprise.
• • **Conduct Adversarial AI Testing:** Collaborate closely with the research team to conduct rigorous red-teaming exercises on our own AI models. This involves simulating sophisticated attacks such as model poisoning, extraction attacks, and membership inference attacks to continuously harden the 0G Compute Network against emerging AI-specific threats.
• • **Be the Architect of Trust:** Guide 0G through complex security challenges, acting as the ultimate architect of trust in a rapidly evolving technological landscape. This role is not just about defense; it's about enabling innovation securely.