0G Labs
Location: Remote
Salary: Not specified
Posted: Recently
Job Type: Full Time
About the Role
At 0G.ai, we are building the first decentralized AI operating system. We are scaling "Zero Gravity" infrastructure to make AI a public good. As our Head of Security, you will not just protect a company; you will secure the infrastructure of the decentralized AI economy. You will own the holistic security architecture—from the cryptographic integrity of our Layer 1 protocol to the operational hygiene of our remote workforce. You will be the architect of trust, guiding us through SOC2/ISO 27001 certification while deploying cutting-edge AI agents to automate and modernize our defense.
This is not a traditional CISO role. You will be responsible for a hybrid threat landscape that spans Consensus Security (preventing 51% attacks), Model Security (preventing adversarial AI attacks), and Corporate Security (preventing social engineering). You will leverage the very AI technology we built to create a "Self-Defending Enterprise."
What You’ll Accomplish (Responsibilities):
1. Holistic Security Strategy & Governance (GRC)
Architect the Security Roadmap: Design and execute a 24-month security strategy that aligns with 0G’s roadmap from testnet to mainnet and beyond.
Compliance Leadership: Lead the end-to-end preparation and audit process for SOC2 Type II and ISO 27001 certifications. You will define the scope, implement controls, and manage external auditors.
AI-Driven Policy Management: Deploy LLM-based tools to continuously analyze internal policies against evolving regulations (EU AI Act, NIST AI RMF) and automate evidence collection, moving 0G from "point-in-time" compliance to "continuous" compliance.
2. Operational & Corporate Security (SecOps)
Zero-Trust Architecture: Design and enforce Identity and Access Management (IAM) policies. Mandate and manage hardware-based 2FA (YubiKey/FIDO2) for all critical systems (AWS, GitHub, Google Workspace).
Endpoint & Remote Security: Secure a fully remote, global workforce. Implement and manage MDM (Mobile Device Management) and EDR (Endpoint Detection & Response) solutions to ensure fleet-wide hygiene without hindering developer velocity.
Insider Threat & Data Leakage Prevention: Implement controls to protect intellectual property and sensitive data, utilizing AI to detect anomalous data exfiltration behaviors.
3. Product & Protocol Security
Smart Contract Security Lifecycle: Oversee the external audit pipeline. Manage relationships with top-tier audit firms and bug bounty platforms (e.g., Immunefi). Implement CI/CD security gates (Slither, Mythril) to catch vulnerabilities pre-deployment.
Key Management System (KMS): Own the "Crown Jewels." Manage the Multi-Party Computation (MPC) and Multi-Sig wallet infrastructure for corporate treasury and protocol operational keys (bridges, upgrade proxies).
Supply Chain Security: Secure the software supply chain (SBOM) to prevent injection attacks in our node software or dependencies.
4. AI-Native Defense (The "Agentic SOC")
Automated Threat Hunting: Build and manage an "Agentic SOC" where AI agents autonomously triage alerts, correlate cross-platform logs (blockchain + cloud), and propose remediation steps.
Adversarial AI Testing: Collaborate with the research team to red-team our own models. Simulate model poisoning, extraction attacks, and membership inference attacks to harden the 0G Compute Network.
What You Bring (Requirements):
The Builder-Defender: 8+ years of information security experience, with at least 3 years in a leadership role (Head of Security, CISO, Director, Team Lead). You have built security functions from scratch (0 to 1).
Compliance: Proven track record of leading a technology company through successful SOC2 or ISO 27001 audits. You know how to map controls to technical realities without creating bureaucratic nightmares.
Web3 Native: Deep understanding of blockchain fundamentals. You know the difference between a Reentrancy attack and a Sybil attack. You understand the risks of "Blind Signing" and how to mitigate them.
AI Pragmatist: You don't just talk about AI; you use it. You can demonstrate experience (or strong conceptual plans) for using LLMs/Agents to automate security workflows (triage, policy review, code analysis).
Crisis Commander: Experience leading Incident Response (IR) for high-severity issues. You remain calm under pressure and can coordinate legal, comms, and engineering during a crisis.
Nice to Haves (What you might bring):
Fluency in Mandarin
Experience securing Decentralized Physical Infrastructure Networks (DePIN) or AI infrastructure.
Technical background in cryptography or distributed systems.
Contribution to open-source security tools or active participation in the security research community.
What we offer
Purpose: The opportunity to contribute to making AI a public good
Growth: A self-directed environment where you can take initiative to shape your role and career
Compensation: Market-competitive compensation, including, for most roles, exposure to pre-launch tokens
In addition, 0G Labs is committed to the health and well-being of all of our team members. To that end, we provide reimbursements towards a holistic set of experiences and courses:
Core self: Transcendental Meditation
Mind: Landmark Education
Emotion: Art of Communication
Presence: Speech Coach
Body: Fitness, gym and exercise memberships/classes