The SecOps contributor workstream is responsible for helping the DAO to integrate security into development processes, managing incidents, and collaborating with teams. This role develops response plans, conducts assessments, and ensures effective communication of security practices. Essential skills include technical security assessments, programming, and strong communication abilities, with blockchain and DevOps experience being advantageous.
ResponsibilitiesSecurity IntegrationDevelop secure systems to protect Lido Protocol, DAO, applications, contributors, partners, and stakers.
Define processes, systems, and applications to make attacks difficult to execute and easy to detect.
Embed security practices and tools within the development pipeline.
Develop and maintain incident response plans and playbooks.
Perform regular vulnerability assessments and penetration testing.
Lead or participate in incident response activities, including investigation, containment, eradication, and recovery.
Monitor security alerts and incidents to identify and respond to threats promptly.
Collaborate with development and operations teams to ensure security is incorporated from design to deployment and maintenance.
Provide training and support on security tools and techniques, emphasizing soft skills like communication, negotiation, and influence.
Experience with technical security assessments, code audits, design reviews, and vulnerability research.
Proficiency in programming languages (Python, Golang, JavaScript, Bash).
Experience with security tools and technologies (SIEM, IDS/IPS, vulnerability scanners, automated security testing).
Excellent communication skills to articulate security concepts to technical and non-technical stakeholders.
Strong problem-solving abilities for security investigations and risk assessments.
English level: B2+
Experience with blockchain technologies, Ethereum-based networks, web3 bug hunting, and contract analysis.
Familiarity with DevOps practices and tools (Docker, Kubernetes, GitHub Actions, Git, Ansible, Terraform).
Experience with supply chain attacks analysis and prevention.
Focus on improving real-world security, not compliance.
Contribute from anywhere in the world.
Competitive compensation level.
Flexible schedule.
Compensation for education, including language & professional growth courses.
Equipment & co-working reimbursement program.
Skills Required
- Technical security assessments, code audits, design reviews, and vulnerability research
- Proficiency in Python, Golang, JavaScript, and Bash
- Experience with security tools (SIEM, IDS/IPS, vulnerability scanners, automated security testing)
- Excellent communication skills to convey security concepts to technical and non-technical stakeholders
- Strong problem-solving abilities for security investigations and risk assessments
- English level B2+
- Experience with blockchain technologies, Ethereum-based networks, web3 bug hunting, and contract analysis
- Familiarity with DevOps tools and practices (Docker, Kubernetes, GitHub Actions, Git, Ansible, Terraform)
- Experience analyzing and preventing supply chain attacks
- Focus on practical security improvements rather than compliance
What We Do
Lido is the leading liquid staking solution for Ethereum. Staking via Lido gives you daily network staking rewards whilst making sure that your tokens remain liquid and can be used across the DeFi ecosystem. Lido's mission is to keep Ethereum staking simple, secure and decentralised. Join us.
