Senior Security Engineer

The Company

Arta is on an audacious and incredibly rewarding mission: to pave the way for people everywhere to lead more successful financial lives.  Arta leverages AI and sophisticated digital tools—once reserved for ultra-high-net-worth individuals—and makes them accessible to a broader global audience. Think of it as your own digital family office, combining intelligent investment strategies, alternative assets, private market access, and smart automation to help you grow and protect your wealth effortlessly.  We value trust, teamwork, and adaptability. 

The Role

As a Senior Security Engineer, you will play a critical role in protecting sensitive financial data, client assets, and infrastructure from cyber threats.  You are responsible for application of the latest security posture management tools, design and implementation of best security practices across the entire system — internal and client-facing application, and cloud infrastructure.   You will collaborate with the CISO (Chief Information Security Officer), CTO, product, devops, and legal/compliance teams. 

What You Will Do

Application Security

• Monitor and triage security issues discovered by security posture monitoring tools 

• Identify and fix vulnerabilities in web/mobile apps

• Perform code reviews and plan penetration testing

• Implement secure development practices (DevSecOps)

• Collaborate with developers to secure new and existing features

Infrastructure & Cloud Security

• Secure cloud deployments  

• Set up firewalls, proxies, IAM policies, VPCs, and network monitoring dashboards

• Configure and manage encryption keys and other secrets

Compliance & Risk Management

• Ensure adherence to financial compliance standards (e.g., SOC 2, MAS, GDPR, ISO 27001)

• Conduct risk assessments and audits
  Support documentation and evidence gathering for audits

Security Monitoring & Incident Response

• Monitor systems for suspicious behavior or data breaches

• Set up and tune SIEM tools (like Splunk or Datadog)

• Lead or support incident response (IR) and post-mortem analysis

Data Security & Privacy

• Implement controls for data encryption, tokenization, and access control

• Ensure customer financial data (e.g., KYC, investment info) is protected

Security Awareness & Culture

• Educate the team on phishing, secure coding, and access hygiene

• Define and setup endpoint security policies

• Help foster a “security-first” culture in a fast-moving startup

Who You Are

• 8+ years of work experience in software or data engineering, ideally in financial services and/or fintech industry

• At least 5+ years of hands-on experience in information security, cybersecurity, or cloud security roles

• Strong understanding of network security, encryption, authentication, and access control

• Extensive experience with cloud platforms such as AWS/Azure, and preferably GCP, along with cloud-native technologies.

• Experience implementing zero-trust architecture, secrets management (e.g., HashiCorp Vault), and DevSecOps practices

• Advanced scripting or programming ability in Python, TypeScript, and Bash

• Familiarity with container and orchestration security (Docker, Kubernetes, Istio)
  Experience conducting or leading threat modeling, penetration testing, or incident response

• Experience with application security practices, such as code scanning (e.g., Snyk, Checkmarx) and OWASP Top 10

• Familiarity with SIEM tools, intrusion detection systems, and endpoint protection

• Ability to implement and maintain identity and access management policies (SSO, MFA, RBAC)

• Understanding of financial regulatory standards such as SOC 2, ISO 27001, PCI-DSS, or GDPR

• Basic knowledge of risk assessment and compliance requirements in a fintech environment

• Strong communication skills with ability to collaborate across engineering, product, and compliance teams

• Ability to explain complex security concepts in simple terms to non-technical stakeholders

• Authorized to work in the United States

• Based in the Bay area, or you have plans to relocate. 

Interview Process

• Intro call with the Head of Talent, 30m

• Technical Interview 1: Coding/Algorithm/Data Structure, 60m

• Technical Interview 2: Domain Knowledge and Security System Design with CTO, 60m

• Technical Interview 3: General Assessment by CIO/Head of AI Research, 30-45m

• Culture & Collaboration Interview with a Product Manager, 30m