Security Manager / CISO, Crypto Facilities

Europe / IT and Security / Full-time, Onsite or Remote

About Kraken

Our mission is to accelerate the adoption of cryptocurrency so that you and the rest of the world can achieve financial freedom and inclusion. In our first decade, Kraken has risen to become one of the largest, most successful and respected crypto exchanges in the world. 

We are changing the way the world thinks about finance, and our range of successful products is playing a critical role in the mainstream adoption of crypto assets. We continue to trail-blaze into new territory with the introduction of Kraken Bank, providing a more seamless integration between crypto and the traditional financial system. This makes us the first crypto company (ever) to be awarded a U.S. state banking charter.

Our diverse group of 2,000+ Krakenites are distributed all over the world, united by a shared passion for delighting customers, upholding crypto values and achieving our meaningful mission. We attract people who push themselves to improve, are radically transparent and think differently in order to unlock their potential. 

Crypto is a rapidly evolving industry and we’re just getting started. We’re growing fast and you're invited to join the revolution!

About the role

You'll be joining the Crypto Facilities team to provide Information Security support and advice across the London-based cryptocurrency futures and indices businesses, as well as becoming an extension of the global (and world-class) Kraken IT and Security team.

Reporting to the CEO, Crypto Facilities, you'll be the security-focused member of a 5-6 FTE DevSecOps team, and will be expected to contribute and learn across the full cloud engineering stack, in addition to deputising for the CISO when it comes to business affairs. You will be (or will become) a "T-shaped" individual with enormous potential to further your career in the burgeoning DevSecOps domain, with the guidance of industry leaders in Security and Infrastructure Engineering, and alongside a mature team of true polyglots, talented microservices developers, infrastructure engineers and SREs.

Requirements - Technical

    • Code or script in at least one modern application development or utility language
    • Use Source Code Management and Document Management systems (e.g. Gitlab, Confluence) to organise business function tasks and publish relevant material
    • Be a competent Linux administrator
    • Know how to build, run and deploy secure Docker containers
    • Be aware of how containers and microservices are configured, and can be secured and orchestrated, in particular using Kubernetes
    • Select, procure, implement, and use tooling to programmatically test and verify the safety and integrity of bespoke software
    • Analyse data sets and produce reports using basic tools (e.g. SQL, POSIX stream processing tools, spreadsheets, ODBC, Python)
    • Understand the principles of secure Identity Management, Authentication, Authorisation and Accounting
    • Understand the implementation of secure messaging and collaboration systems in the context of privacy awareness
    • Have a good comprehension of computer networks, the Internet, and supporting systems such as web servers and proxies
    • Understand DNS, TLS, web protocols, and how traffic on IP networks establishes end-to-end security and trust 

Requirements - Administrative

    • Work highly independently, with multiple stakeholders outside of the formal management structure
    • Take the lead in face-to-face situations where local expertise and general knowledge in Information Security is needed
    • Support the globalisation and / or expansion of the Futures business from a privacy, regulatory, employment and security point of view
    • Write good quality policies, procedures and technical documentation
    • Nurture security awareness in the organisation, curating and producing material to support this, and relate this to the global business, and the current threat landscape
    • Be familiar with risks introduced to organisations by third parties, and processes and practices which can mitigate these
    • Take a risk-based approach to all facets of Information Security; model threats and consider impact and likelihood; play an active part in Incident Response and Purple-teaming
    • Have a "finger on the pulse" of current challenges and exploits in the ecosystem
    • Be an active participant in a truly world class global security organisation

Requirements - Qualifications

    • A degree from an accredited institution, or equivalent relevant experience alongside a good level of general education
    • Familiarity with the spirit and practical application of some of the following:
        • Cyber Essentials (UK Government)
        • Ten Steps to Cybersecurity (UK Government)
        • ISO27001, 27002 (International Standards)
        • GDPR 2016 and DPA 2018 (EU/UK legislation)
        • Privacy Shield, changes to this, Schrems II, adequacy (EU-US framework)
    • Optional: relevant and well-regarded certifications in cloud computing such as CKA (Certified Kubernetes Administrator), AWS Professional or Specialty levels, Google Professional level
    • Optional: advanced security accreditation such as CISSP, OSCP, CASP, CCSK

Responsibilities

    • Building application security processes and pipelines to contribute to the development team's move to true Continuous Delivery and Continuous Innovation
    • Working with global Security Risk Management on ISO27001 alignment
    • Working with the red team and external providers on vulnerability testing of office and cloud infrastructure 
    • Implementing SAST and DAST systems and dependency scanning with the wider AppSec, SecOps, SRE and Infrastructure teams
    • Implementing and improving secrets management for local and Kraken-wide initiatives
    • Working with global teams on Identity and Access Management projects
    • Relating regional / local business processes and requirements to global controls and policies
    • Writing Futures / region / UK specific (and possibly supplementary) policies and procedures for inclusion in Information Systems Management processes
    • Becoming an active part of the on call, IR and DR structures within Futures
    • Deputising for the CISO and / or fulfilling DevOps responsibilities to cover absence, ensure cross-functional awareness, and to smooth out short term resourcing issues

We’re powered by people from around the world with their own unique backgrounds and experiences. We value all Krakenites and their talents, contributions, and perspectives.

Check out all our open roles at https://www.kraken.com/careers. We’re excited to see what you’re made of.  
