Staff Security Engineer

Who We Are:

Alpaca is a US California headquartered brokerage infrastructure technology company and self-clearing broker-dealer, delivering execution and custody solutions for Stocks, ETFs, Options, Cryptocurrencies, and more, and has raised over $170 million in funding. Amongst our subsidiaries, Alpaca is a licensed financial services company in multiple countries, and we serve hundreds of financial institutions globally such as broker-dealers, investment advisors, hedge funds, and crypto exchanges.

Alpaca’s globally distributed team members bring in diverse experiences such as engineers, traders, and brokerage professionals to achieve our Mission of opening financial services to everyone on the planet. We are also deeply committed to open-source contributions and fostering a vibrant community. We will continue to enhance and improve our award-winning developer-friendly API and the infrastructure behind it.

Our Team Members:

We’re a team of 150+ globally distributed members who love working from our favorite places worldwide. Our team spans the USA, Canada, Japan, Hungary, Nigeria, Brazil, the United Kingdom, and more!

We’re looking for candidates eager to join Alpaca’s growing organization, who are excited about our Mission of “Open financial services to everyone on the planet and share our Values of “Stay Curious,” “Have Empathy,” and “Be Accountable.”

Your Role:

We are seeking an experienced Staff Security Engineer who can help expand our Security efforts and play a critical role in safeguarding Alpaca’s systems, data, and client assets from evolving cyber threats to ensure the security and integrity of our Firm. 

The role requires a deep understanding of Cybersecurity principles, incident response, cloud security, offensive security, and proactive threat detection with a proven track record of managing security risks and cross functional collaboration. The Security Team is 100% distributed and remote. This role will be reporting directly to the CISO.

Things You Get To Do:

• Lead and triage security events including potential security incidents, insider threats, malware infections, unauthorized access, fraud, and data exfiltration events
• Conduct thorough analyses of events, assess impact, and implement corrective actions by collaborating with cross-functional teams to prioritize and remediate issues as necessary
• Develop and maintain security incident response playbooks and automate security workflows to improve efficiency and effectiveness
• Conduct Threat Hunting activities to identify potential issues and implement strategies for proactive threat detection
• Manage and optimize security tools and technologies, such as SIEM, SOAR, Container Orchestration like Kubernetes, Docker / Docker Swarm and other relevant solutions
• Enhance the security of our CI/CD pipeline by integrating security measures into GitOps and focus on brainstorming, designing, building, deploying, and managing cloud-native security
• Collaborate with Product and Engineering to ensure secure design and implementation of systems and applications
• Lead and assist with vulnerability management, penetration testing, and red teaming activities, including managing our bug bounty program
• Foster strong cross-functional relationships with IT, Engineering, Compliance, and other stakeholders to ensure alignment and effective security practices
• Assist with compliance audits and assessments as necessary
• Conduct security research and contribute to the development of new security tools and techniques.

Who You Are (Must-Haves):

• Excited about Alpaca’s mission and what we’re building
• 6-8 years of mixed experience in a security operations, security engineering, product security, and DevSecOps
• Experience with implementing and maintaining SIEM/SOAR and automation solutions, and other security tools
• Experience with cloud-centric environments and cybersecurity capabilities, including a strong understanding of Kubernetes security concepts
• Strong analytical and problem-solving skills
• Excellent communication skills and committed to work collaboratively across the Firm
• Available for on-call rotations and after-hour responses as needed

 Who You Might Be (Nice-to-Haves):  

• Bachelor’s degree in Information Technology or a related field
• Security related certifications such as CISSP, GIAC, OSCP, CRTO, K8s is a plus
• Experience in securing and monitoring APIs
• Understanding of financial and privacy regulations
• Experience in the financial services industry
• Business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints

How We Take Care of You:

• Competitive Salary & Stock Options
• Benefits: Health benefits start on day 1. In the US this includes Medical, Dental, Vision. In Canada, this includes supplemental health care. In Japan, you are offered local benefits. Internationally, this includes a stipend value to offset medical costs.   
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card
• Work with awesome hard working people, super smart and cool clients and innovative partners from around the world

Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

Recruitment Privacy Policy