Location: Dublin, Ireland
Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy, and increase economic freedom around the world.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we assess whether a candidate demonstrates our values: Clear Communication, Positive Energy, Efficient Execution, and Continuous Learning. Second, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.
Security Operations Team
Security is a primary competency at Coinbase, and the Security Operations team keeps a watchful eye over every aspect of it. Every day, we go to battle against some of the most sophisticated attackers in the world to protect billions of dollars worth of digital assets and ensure that our customers and employees can enjoy a safe, trusted experience. As Coinbase scales globally, our team is scaling along with it, using a blend of tooling, automation, and strategic team growth to ensure that we’re well-equipped to protect the next billion users of crypto.
What you’ll be doing:
The Security Operations group is part of a multi-functional organization that includes Trust & Safety and Threat Intelligence. While no two days will end up looking the same, generally-speaking you’ll be responsible for the following things:
- Growing and leading a team of exceptional security analysts
- Defining and hitting key performance metrics for your team
- Serving as Coinbase Security’s primary point of contact for EU regulators and auditors
What we look for in you:
Some security teams have strict requirements about certifications, degrees, years of experience, and things like that. Not us! We’re more interested in the unique perspectives and expertise you’ll bring to the team, rather than the acronyms on your resume. However, you’ll be much more likely to be successful in this role if these bullet points seem like a good description of you:
- You’ve hired lots of people for security operations roles before, and can pick out great talent from the crowd.
- Every team you’ve managed has gotten high marks for performance and job satisfaction.
- You’re comfortable making presentations to auditors and helping them understand complex aspects of a security program.
- Working with a global team doesn’t phase you
- You frequently get praise from your peers and coworkers about your communication skills, both written and verbal.
- You know that people aren’t stupid, but everyone makes mistakes. Your high degree of empathy means that your coworkers trust you to help solve their security problems, because you never come across as judgmental or condescending.
- Pressure doesn’t get to you, even in high-intensity situations or environments.
Nice to haves:
- You would bring a diverse perspective to the team: for example, maybe you took an unconventional route to get into your current security career.
- You’ve got a passing familiarity with blockchains and cryptocurrency, or at least a good story about how you thought about investing in Bitcoin in 2014 but decided not to.
- You’re comfortable writing your own queries and building your own dashboards to understand and visualize your team’s performance.
- You’ve operationalized security controls under PCI-DSS, SOC 1/2, and similar compliance regimes
Coinbase is committed to diversity in its workforce and is proud to be an equal opportunity employer and to review all of our job postings to minimize biased language. Coinbase does not make hiring or employment decisions on the basis of race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Coinbase will also consider for employment qualified applicants with arrest and conviction records in a manner consistent with San Francisco’s Fair Chance Ordinance and similar local laws.
Employee Privacy Notice
Coinbase Ireland Limited (“Coinbase”) is aware of its obligations under local data protection law and the General Data Protection Regulation (“GDPR”) and is committed to protecting your privacy and processing your data securely and transparently. This privacy notice sets out, in line with the GDPR, the types of data that we have about you as an employee, worked or contractor of Coinbase. It also sets out how we use that information, how long we keep it, and other relevant information about your data.
This notice applies to current and former employees, temporary workers, and contractors.
Data controller details
Coinbase is a data controller of your personal data, meaning that it determines how your personal data is processed and for what purpose. Our contact details are as follows:
Coinbase Ireland Limited
70 Sir John Rogerson's Quay,
Grand Canal Dock, Dublin 2
Email - firstname.lastname@example.org
Data protection principles
In relation to your personal data, we will:
- process it fairly, lawfully, and in a clear, transparent way;
- collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you;
- only use it in the way that we have explained to you;
- ensure it is correct and up to date;
- keep your data for only as long as we need it;
- process it only in ways that are consistent with this privacy notice and with an appropriate lawful basis for processing; and
- protect your data from loss and destruction
Further details on how we satisfy each of these principles are contained in this notice.
What personal data do we collect, use, or process?
The types of personal data we may collect, use, or process about you will depend upon the nature of your position and role within Coinbase. This data includes the following:
- full name (including title);
- age and/or date of birth;
- personal and work contact details including telephone numbers (landline, fax number and/or mobile) and email addresses;
- current residential address (including postal address)
- ethnicity, race, or any other diversity information that you voluntarily provide to us;
- marital status and dependents;
- next of kin and emergency contact information;
- medical information;
- identification documentation details (e.g. passport or national ID card number) and copies of such documents;
- PPS Number or other equivalent state or tax ID number;
- bank account details, payroll records, and tax status information;
- records of cryptocurrency holdings;
- salary, annual leave, pension, and benefits information;
- location of employment or workplace;
- recruitment information (including copies of right to work documentation, references, and other information included in a CV or cover letter or as part of the application process);
- employment records (including start date, job titles, work history, working hours, training records, and professional memberships);
- compensation history;
- performance information;
- public social media information;
- disciplinary and grievance information;
- CCTV footage and other information obtained through electronic means such as swipe card records;
- information about your use of information and communications systems;
- results and outcomes from historic and ongoing background checks (including criminal record checks and credit history records and reports); and
- shareholding/proprietorship in relevant companies/businesses.
How we collect your data
We collect data about you in a variety of ways. In most cases, we begin collecting data from you directly during the recruitment phase when you apply for a job or where we recruit you directly. This includes the information you would normally include in a CV or a recruitment cover letter, or notes made by our recruiting team during a recruitment interview. We collect more information when you complete forms at the start of your employment, for example, your bank and next of kin details. We may collect other details directly from you in the form of official documentation such as your driving licence, passport, or other evidence of your right to work.
In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references, or credit reference agencies.
Personal data is kept in personnel files or within Coinbase’s People Ops Dropbox and IT systems. The access to these systems is limited to those job roles where it is essential to access your records.
Why we process your data and how we use it
The law on data protection allows us to process your data for certain reasons only:
- in order to perform the employment contract that we are party to;
- to carry out legally required duties;
- to allow us to carry out our legitimate business interests, which are to effectively manage our employees, manage our business on a day-to-day basis and to assess the performance of our business;
- to protect your interests; or
- in certain very limited circumstances, with your consent.
All the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above to process your data. For example, we need to collect your personal data to:
- carry out the employment contract that we have entered with you; or
- ensure you are paid.
We also need to collect your data to ensure we are complying with legal requirements such as:
- ensuring tax, PRSI and USC is paid;
- carrying out checks in relation to your right to work in Ireland or the EU; or
- making reasonable adjustments for disabled employees.
We also collect data so that we can carry out activities which are in the legitimate interests of Coinbase. We have set these out below:
- making decisions about who to offer initial employment to, and subsequent internal appointments, promotions etc.;
- making decisions about salary and other benefits;
- maintaining comprehensive up to date personnel records about you to ensure, amongst other things, effective correspondence can be achieved and appropriate contact points in the event of an emergency are maintained;
- effectively monitoring both your conduct and your performance and to undertake procedures regarding both of these if the need arises;
- offering a method of recourse for you against decisions made about you;
- assessing training needs;
- implementing an effective sickness leave management system including monitoring the amount of leave and subsequent actions to be taken, including the making of reasonable adjustments;
- gaining expert medical opinion when making decisions about your fitness for work;
- managing statutory leave and pay systems such as maternity leave and pay etc.;
- evaluating changes to the company to improve employee experiences, based on employee engagement surveys, facilitated discussions, or other voluntary inputs;
- business planning and restructuring exercises;
- dealing with legal claims made against us;
- preventing fraud; and
- ensuring our administrative and IT systems are secure and robust against unauthorised access.
Special categories of data
Special categories of data relate to:
- sexual orientation or sex life;
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership
- genetic and biometric data (voice recognition and fingerprints are both examples of biometric data).
We must process special categories of data in accordance with more stringent guidelines. We will process special categories of data when one of the following reasons applies:
- Where we are carrying out an assessment of your working capacity and that assessment is carried out in appropriately confidential circumstances;
- the processing is necessary for the purposes of performing our rights or obligations under employment or social welfare law;
- we must process the data to carry out our legal obligations; or
- we must process data for reasons of substantial public interest.
We will use your special category data:
- to comply with our own legal obligations;
- to investigate claims of discrimination or harassment (as is our legal obligation);
- in our sickness absence management procedures;
- to determine reasonable adjustments (as is our legal obligation).
If none of the grounds above applies we may ask for your consent to allow us to process such data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
Criminal conviction data
We conduct background checks on all of our candidates once an offer of employment has been accepted. We will only collect criminal conviction data as part of a background check where local law permits us to do so. Where are permitted to do so by local law, we use criminal conviction data in the following ways:
* To meet candidate suitability criteria; and * _For purposes of equal opportunities monitoring._
We process this data because of our legal obligation to ensure that you are fit and proper for the role you have applied for and our obligation to monitor the background circumstances of our staff. We will rely on a lawful basis permitted by local law before gathering and processing this sort of information.
If you do not provide your data to us
It is voluntary for you to provide us with your personal data. However, if you fail to provide certain data when requested, we may not be able to perform the employment contract, contract for services, or other relevant contract we have entered into with you (such as paying you or providing a benefit) or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
Sharing your data
Your data will be shared with colleagues within Coinbase where it is necessary for them to undertake their duties. This includes, for example, your manager for their management of you, and the People Ops department for maintaining personnel records.
1. We may share your personal data with the other Coinbase Group entities identified in this policy as may be necessary to administer our working relationship with you or operate our business. 2. We may also disclose your personal data for the purposes described previously to:
- other organisations or individuals who assist us in providing services to us or administering our working relationship with you (for example, payroll, pension administration, benefits provision and administration and IT administration);
- your nominated representatives;
- professional service providers and advisors who perform functions on our behalf, such as lawyers;
- medical service providers including medical and rehabilitation practitioners for assessing insurance claims;
- actual or potential purchasers or investors in Coinbase; and
- government, regulatory authorities and other organisations (such as the police or other law enforcement agents) as required or authorised by law or other regulatory requirements in jurisdictions in which we operate.
We may also disclose your personal data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets in circumstances which may require the use or transfer of such personal data. This may also include, without limitation, in connection with any bankruptcy or insolvency event. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
We share your data with third parties to obtain and process essential information required for your employment, including:
- references as part of the recruitment process;
- credit and criminal background checks;
- payroll processing;
- pension contributions;
- tax obligations; and
- providing security credentials for your internal user account.
Some of your personal data may be disclosed, transferred, stored, processed or used overseas by us, or by third party service providers for the purposes described in above. This may happen if:
- our offices or related entities are overseas as is the case with our sister company, Coinbase Inc.;
- we outsource certain activities overseas;
- transactions, information, services or products have an overseas connection; or
- our computer systems including IT servers are located overseas.
In particular, your personal data may be disclosed as outlined above to persons in Australia, Hong Kong, the European Economic Area, the United Kingdom, Singapore, Malaysia, the U.S.A and/or such other countries in which: (i) those parties or their, or our, computer systems may be located from time to time, or (ii) any member of the Coinbase Group becomes licensed or establishes a place of business, in each case where it may be used for the purposes described in this Privacy Notice.
Where we transfer data to jurisdictions outside of the EEA, we will do so in accordance with applicable privacy law. Some of the jurisdictions which we transfer personal data to may not be regarded as having an adequate level of protection of data. In these cases, we will ensure that additional steps are taken in order to legitimise the transfer. For example, we may enter into European Commission approved model contract clauses with entities outside in the US in order to legitimise the transfer of personal data to that jurisdiction.
For more information on international transfers (and the mechanisms that we have in place to ensure that they are done in a way that protects your privacy rights) please contact: email@example.com.
Other uses and disclosures
We may collect, use and disclose your personal data for other purposes not listed in this Privacy Notice. If we do so, we will make it known to you at the time we collect, use or disclose your personal data.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction, and abuse. We have implemented processes to guard against such. These policies and procedures are covered in the Information Security Program Data Security Policy, and Access Control Policy.
Where we share your data with third parties, we provide written instructions to them to ensure that your data is held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
How long we keep your data
In line with data protection principles, we only keep your data for as long as we need it, which will be at least for the duration of your employment with us plus an additional time period to account for local law relating to the statute of limitations. Local law also requires us to keep certain categories of data for longer than others. Retention periods can vary depending on why we need your data, as set out below. Coinbase may update this policy from time to time.
Settled Workers in Ireland
- Personal details and job performance (as previously described), 6 years after employee end of contract.
- Education and interview notes, 6 months (industry standard is 12 months for unsuccessful candidates and 6 years after employee end of contract).
- Sick leave, 3 years after occurrence. If it relates to a health and safety issue, 10 years from the date of occurrence.
- Wage/salary records, 6 years after employee end of contract.
- Pension records, 12 years.
- CCTV records, 6 months.
- Criminal disclosure, 6 years.
In addition to the records stated above for settled workers in Ireland, Coinbase will retain the following records in relation to migrant workers for 6 years after the end of the employee’s contract.
- Copy of passport is not to be retained; however, the passport number is retained within the employee file.
- Copy of Employment permit.
These records shall be retained for whichever is the shorter period of either:
- one year from the date Coinbase ended sponsorship of the migrant; or
- if the migrant is no longer sponsored by Coinbase, the point at which a compliance officer has examined and approved the migrant.
Automated decision making
No decision which has a significant impact on you will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement).
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
- right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. You can read more about this in our Subject Access Request policy which is available from People Ops.
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can ask us to update our records.
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- the right to portability. You may transfer the data that we hold on you for your own purposes.
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests.
In the very limited circumstances where we rely on your consent to process your personal data (rather than one of the other grounds set out in this policy), you have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact People Ops or the company’s data protection lead (details below).
Making a complaint
The supervisory authority in Ireland for data protection matters is the Data Protection Commission (“DPC”). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the DPC. You may lodge a complaint by emailing firstname.lastname@example.org or writing to the following address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois. You can visit the website of the Data Protection Commission at www.dataprotection.ie for more details.
Data Protection Lead
The Company’s Data Protection Lead is Lydia Lavender. Contact details are:
AWS, C, and Security
5 days ago - source