Ceffu
Chief Information Security Officer (CISO) - Web3 / Crypto
Ceffu · Turkey · 2 days ago
Full-time · Remote Friendly · Information Technology
  • This is a fully remote role


About Ceffu

Ceffu is a leading institutional-grade digital asset custody platform, offering secure, compliant, and scalable solutions for enterprises, hedge funds, and financial institutions. Our mission is to provide cutting-edge security and infrastructure to support the seamless integration of blockchain technology into institutional finance.


Job Summary

We are seeking a visionary security architect and battle-hardened leader to define the defense strategy for our digital asset custody platform.


As CISO, you will move beyond traditional perimeter defense to architect a Zero Trust environment where no user, device, or service is trusted by default—inside or outside the network. You will be the technical authority on cryptographic security, owning the "Defense-in-Depth" strategy that protects our clients' private keys and data against sophisticated state-level and criminal threats.


Key Responsibilities


1. Zero Trust Architecture & Network Security

  • Identity-Centric Security: Abolish the concept of a "trusted internal network." Architect a Zero Trust framework where access to sensitive infrastructure (especially Hot/Cold wallets) requires continuous, contextual authentication (e.g., device health + user identity + location + behavior).
  • Micro-Segmentation: Implement strict segmentation across cloud and on-premise environments to prevent lateral movement. Ensure that a compromise in the web layer cannot technically reach the signing layer.
  • Least Privilege: Enforce "Just-in-Time" (JIT) and "Just-Enough-Access" (JEA) access privileges for all engineering staff.


2. Cryptographic Custody Architecture

  • Key Ceremony Design: Architect the physical and digital protocols for Key Generation Ceremonies. You ensure high-entropy environments and "air-gapped" integrity during critical lifecycle events.
  • Hardware Security: Oversee the lifecycle and configuration of Hardware Security Modules (HSMs) and Trusted Execution Environments (TEEs/Enclaves).


3. Product Security (DevSecOps)

  • Secure Software Development Life Cycle (SSDLC): Embed security gates into the CI/CD pipeline. Ensure that static/dynamic analysis (SAST/DAST) and dependency scanning are blockers for deployment, not optional steps.
  • Smart Contract Security: Oversee internal audits and coordinate external audits for any blockchain interaction layers.
  • Threat Modeling: Lead threat modeling sessions for every new product feature, ensuring "Security by Design" principles are applied before a single line of code is written.


4. Offensive Security & Threat Intelligence

  • Red Teaming: Manage a continuous offensive security program. Regularly simulate advanced persistent threats (APTs) to test the alertness of the SOC and the resilience of the architecture.
  • Vulnerability Management: Own the internal vulnerability disclosure process. Prioritize remediation based on risk to assets, not just CVSS scores.


5. Incident Response & Resilience

  • Commander-in-Chief: Act as the primary Incident Commander during critical security events.
  • Resilience Engineering: Work with DevOps to design systems that fail securely. Ensure that in the event of a total system compromise, the "Crown Jewels" (private keys) remain mathematically inaccessible.


Requirements/Qualifications

  • Experience: 8+ years in Information Security, with a proven track record as a CISO or in a similar management role in high-stakes environments (e.g., Web3, banking).
  • Deep understanding of Zero Trust principles (NIST SP 800-207).
  • Experience with Cloud Native Security (Kubernetes hardening, Service Mesh security).
  • Knowledge of Applied Cryptography (Elliptic Curve Cryptography, MPC, Zero Knowledge Proofs).
  • Familiarity with the digital asset custody domain.
  • Leadership with proven ability to lead "Blue Teams" (Defense) and manage "Red Teams" (Offense).
  • Certifications: Technical certifications such as OSCP (Offensive Security), CISSP-ISSAP (Architecture), CCSS (CryptoCurrency Security Standard), or cloud-specific security certifications (AWS Certified Security - Specialty) are highly valued.
  • Fluency in Turkish and business level proficiency in English.
