Product Security Engineer

Summary

Join Alpaca, a leading brokerage infrastructure technology company, as a Product Security Engineer. You will play a critical role in safeguarding Alpaca's assets and ensuring the security and integrity of our products and infrastructure. Collaborate with engineering, product, and operations teams to embed security best practices, harden systems, and respond to threats. This role requires deep understanding of cybersecurity principles, application security, and DevSecOps. The position is fully remote and reports directly to the CISO. Alpaca offers competitive salary, stock options, and comprehensive benefits.

Requirements

• Be excited about Alpaca’s mission and what we’re building
• Have 6-8 years of mixed experience in a security operations, security engineering, product security, and DevSecOps
• Have proficiency in at least one programming language (e.g., Go, Python etc.) and the ability to review and write secure code
• Have experience with API security (e.g., OAuth, JWT, WAF, rate limiting)
• Have experience with cloud security (e.g., Google Cloud, AWS) including DevSecOps and embedding security in the CI/CD pipeline
• Have a strong understanding of how to secure containerized environments (e.g., Kubernetes, Docker)
• Have familiarity with security tools such as static code analyzers, vulnerability scanners, and penetration testing frameworks
• Have knowledge of common security vulnerabilities (e.g., OWASP Top 10) and mitigation strategies
• Possess strong analytical and problem-solving skills
• Have excellent communication skills and be committed to work collaboratively across the Firm
• Be comfortable thriving in a distributed, remote-first team with asynchronous collaboration across time zones
• Have a curious mindset, empathy for our users and teams, and a commitment to accountability—aligned with Alpaca’s core values of "Stay Curious," "Have Empathy," and "Be Accountable."
• Be available for on-call rotations and after hour responses as needed

Responsibilities

• Collaborate with Product, Engineering, and DevOps to embed security into our API and platform development lifecycle, working hand-in-hand with our Engineering and Product teams
• Perform threat modeling and security reviews to spot risks early and keep our products secure
• Identify, triage, and remediate security vulnerabilities in our codebase, infrastructure, and third-party dependencies, and help respond and manage our bug bounty program
• Build and tweak automation tools for security testing and monitoring
• Participate in security incident response efforts, including investigation, containment, and post-mortem analysis, to ensure rapid resolution and continuous improvement
• Harden our cloud systems (Google Cloud, Kubernetes) and products to meet industry standards and protect against evolving threats
• Team up with product and DevOps crews to make security seamless without slowing us down
• Promote a security-first mindset by providing guidance, training, and documentation to team members on secure coding practices and emerging threats
• Assist with compliance audits and assessments as necessary
• Conduct security research and contribute to the development of new security tools and techniques

Preferred Qualifications

• Have a Bachelor’s degree in Information Technology or a related field
• Have security related certifications such as CISSP, GIAC, OSCP, CRTO, K8s
• Have experience in securing and monitoring APIs
• Have an understanding of financial and privacy regulations
• Have experience in the financial services industry
• Possess business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints

Benefits

• Competitive Salary & Stock Options
• Health benefits start on day 1. In the US this includes Medical, Dental, Vision. In Canada, this includes supplemental health care. In Japan, you are offered local benefits. Internationally, this includes a stipend value to offset medical costs
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card
• Work with awesome hard working people, super smart and cool clients and innovative partners from around the world