Staff Security Engineer

Your Role:

We are seeking an experienced Staff Security Engineer who can help expand our Security efforts and play a critical role in safeguarding Alpaca’s systems, data, and client assets from evolving cyber threats to ensure the security and integrity of our Firm.

The role requires a deep understanding of Cybersecurity principles, incident response, cloud security, offensive security, and proactive threat detection with a proven track record of managing security risks and cross functional collaboration. The Security Team is 100% distributed and remote. This role will be reporting directly to the CISO.

Things You Get To Do:

• Lead and triage security events including potential security incidents, insider threats, malware infections, unauthorized access, fraud, and data exfiltration events
• Conduct thorough analyses of events, assess impact, and implement corrective actions by collaborating with cross-functional teams to prioritize and remediate issues as necessary
• Develop and maintain security incident response playbooks and automate security workflows to improve efficiency and effectiveness
• Conduct Threat Hunting activities to identify potential issues and implement strategies for proactive threat detection
• Manage and optimize security tools and technologies, such as SIEM, SOAR, Container Orchestration like Kubernetes, Docker / Docker Swarm and other relevant solutions
• Enhance the security of our CI/CD pipeline by integrating security measures into GitOps and focus on brainstorming, designing, building, deploying, and managing cloud-native security
• Collaborate with Product and Engineering to ensure secure design and implementation of systems and applications
• Lead and assist with vulnerability management, penetration testing, and red teaming activities, including managing our bug bounty program
• Foster strong cross-functional relationships with IT, Engineering, Compliance, and other stakeholders to ensure alignment and effective security practices
• Assist with compliance audits and assessments as necessary
• Conduct security research and contribute to the development of new security tools and techniques.

Who You Are (Must-Haves):

• Excited about Alpaca’s mission and what we’re building
• 6-8 years of mixed experience in a security operations, security engineering, product security, and DevSecOps
• Experience with implementing and maintaining SIEM/SOAR and automation solutions, and other security tools
• Experience with cloud-centric environments and cybersecurity capabilities, including a strong understanding of Kubernetes security concepts
• Strong analytical and problem-solving skills
• Excellent communication skills and committed to work collaboratively across the Firm
• Available for on-call rotations and after-hour responses as needed

Who You Might Be (Nice-to-Haves):

• Bachelor’s degree in Information Technology or a related field
• Security related certifications such as CISSP, GIAC, OSCP, CRTO, K8s is a plus
• Experience in securing and monitoring APIs
• Understanding of financial and privacy regulations
• Experience in the financial services industry
• Business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints