Staff Security Engineer

Summary

Join Alpaca, a leading brokerage infrastructure technology company, as a Staff Security Engineer. You will play a critical role in safeguarding our systems, data, and client assets. This role requires deep cybersecurity expertise, incident response experience, and strong collaboration skills. The position is fully remote and reports directly to the CISO. You will lead security events triage, develop incident response playbooks, conduct threat hunting, manage security tools, and collaborate with cross-functional teams. Alpaca offers competitive compensation, benefits, and a supportive work environment.

Requirements

• Excited about Alpaca’s mission and what we’re building
• 6-8 years of mixed experience in a security operations, security engineering, product security, and DevSecOps
• Experience with implementing and maintaining SIEM/SOAR and automation solutions, and other security tools
• Experience with cloud-centric environments and cybersecurity capabilities, including a strong understanding of Kubernetes security concepts
• Strong analytical and problem-solving skills
• Excellent communication skills and committed to work collaboratively across the Firm
• Available for on-call rotations and after-hour responses as needed

Responsibilities

• Lead and triage security events including potential security incidents, insider threats, malware infections, unauthorized access, fraud, and data exfiltration events
• Conduct thorough analyses of events, assess impact, and implement corrective actions by collaborating with cross-functional teams to prioritize and remediate issues as necessary
• Develop and maintain security incident response playbooks and automate security workflows to improve efficiency and effectiveness
• Conduct Threat Hunting activities to identify potential issues and implement strategies for proactive threat detection
• Manage and optimize security tools and technologies, such as SIEM, SOAR, Container Orchestration like Kubernetes, Docker / Docker Swarm and other relevant solutions
• Enhance the security of our CI/CD pipeline by integrating security measures into GitOps and focus on brainstorming, designing, building, deploying, and managing cloud-native security
• Collaborate with Product and Engineering to ensure secure design and implementation of systems and applications
• Lead and assist with vulnerability management, penetration testing, and red teaming activities, including managing our bug bounty program
• Foster strong cross-functional relationships with IT, Engineering, Compliance, and other stakeholders to ensure alignment and effective security practices
• Assist with compliance audits and assessments as necessary
• Conduct security research and contribute to the development of new security tools and techniques

Preferred Qualifications

• Bachelor’s degree in Information Technology or a related field
• Security related certifications such as CISSP, GIAC, OSCP, CRTO, K8s is a plus
• Experience in securing and monitoring APIs
• Understanding of financial and privacy regulations
• Experience in the financial services industry
• Business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints

Benefits

• Competitive Salary & Stock Options
• Benefits: Health benefits start on day 1. In the US this includes Medical, Dental, Vision. In Canada, this includes supplemental health care. In Japan, you are offered local benefits. Internationally, this includes a stipend value to offset medical costs
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card
• Work with awesome hard working people, super smart and cool clients and innovative partners from around the world