Your Role:
We are seeking an experienced Staff Security Engineer who can help expand our Security efforts and play a critical role in safeguarding Alpaca’s systems, data, and client assets from evolving cyber threats to ensure the security and integrity of our Firm.
The role requires a deep understanding of Cybersecurity principles, incident response, cloud security, offensive security, and proactive threat detection with a proven track record of managing security risks and cross functional collaboration. The Security Team is 100% distributed and remote. This role will be reporting directly to the CISO.
Things You Get To Do:
- Lead and triage security events including potential security incidents, insider threats, malware infections, unauthorized access, fraud, and data exfiltration events
- Conduct thorough analyses of events, assess impact, and implement corrective actions by collaborating with cross-functional teams to prioritize and remediate issues as necessary
- Develop and maintain security incident response playbooks and automate security workflows to improve efficiency and effectiveness
- Conduct Threat Hunting activities to identify potential issues and implement strategies for proactive threat detection
- Manage and optimize security tools and technologies, such as SIEM, SOAR, Container Orchestration like Kubernetes, Docker / Docker Swarm and other relevant solutions
- Enhance the security of our CI/CD pipeline by integrating security measures into GitOps and focus on brainstorming, designing, building, deploying, and managing cloud-native security
- Collaborate with Product and Engineering to ensure secure design and implementation of systems and applications
- Lead and assist with vulnerability management, penetration testing, and red teaming activities, including managing our bug bounty program
- Foster strong cross-functional relationships with IT, Engineering, Compliance, and other stakeholders to ensure alignment and effective security practices
- Assist with compliance audits and assessments as necessary
- Conduct security research and contribute to the development of new security tools and techniques.
Who You Are (Must-Haves):
- Excited about Alpaca’s mission and what we’re building
- 6-8 years of mixed experience in a security operations, security engineering, product security, and DevSecOps
- Experience with implementing and maintaining SIEM/SOAR and automation solutions, and other security tools
- Experience with cloud-centric environments and cybersecurity capabilities, including a strong understanding of Kubernetes security concepts
- Strong analytical and problem-solving skills
- Excellent communication skills and committed to work collaboratively across the Firm
- Available for on-call rotations and after-hour responses as needed
Who You Might Be (Nice-to-Haves):
- Bachelor’s degree in Information Technology or a related field
- Security related certifications such as CISSP, GIAC, OSCP, CRTO, K8s is a plus
- Experience in securing and monitoring APIs
- Understanding of financial and privacy regulations
- Experience in the financial services industry
- Business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints
How We Take Care of You:
- Competitive Salary & Stock Options
- Benefits: Health benefits start on day 1. In the US this includes Medical, Dental, Vision. In Canada, this includes supplemental health care. In Japan, you are offered local benefits. Internationally, this includes a stipend value to offset medical costs.
- New Hire Home-Office Setup: One-time USD $500
- Monthly Stipend: USD $150 per month via a Brex Card
- Work with awesome hard working people, super smart and cool clients and innovative partners from around the world
Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.
