Senior Application Security Engineer
Who we are
Alloy is an Identity Decisioning Platform and supports innovative fintech companies and banks to manage KYC, AML, and other components of client onboarding. Alloy’s single API enables its clients to access over 60 third party data sources in real-time to improve decision-making and streamline client experiences. We're backed by venture capital firms that have taken countless companies to IPO like Bessemer Venture Partners, Primary Venture Partners, Eniac Ventures, and others and well positioned to bring on incredibly talented individuals to help take us to the next level! Come join one of Inc. Magazine's Best Workplaces to work!
What we're looking for
This is Alloy's first dedicated security hire, which comes with a lot of autonomy and responsibility. You'll work with a large part of the engineering org to maintain and enhance our high security standards. We'd like our security team to be supportive, asking the question "how can we get to 'yes'" instead of being gatekeepers.
The following requirements may seem like a lot, but you'll have the resources to tell us what we need. We look forward to working with you and having a domain expert to help us scale our culture of security!
What you will do
- Contribute to a culture of security at Alloy by helping train staff and being the go-to expert on security practices, tools, and vulnerabilities
- Stay vigilant and monitor ongoing security threats
- Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
- Perform ongoing log analysis and monitoring, and set up alerts to be proactively alerted or concerning activity
- Proactively layer on security controls and update existing controls to respond to an ever-changing threat environment
- Implement and configure tools to help us detect and respond to new types of threats
- Maintain awareness and understanding of Current Vulnerabilities & Exposures relevant to Alloy applications, dependencies, and infrastructure
- Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
- Regularly assess the security of our systems and compile reports for our team and our customers
- Perform periodic security audits, penetration tests, and various tasks to ensure security policy and regulatory compliance
- Prepare reports that document security incidents and the extent of the damage caused by the incidents
- Maintain and adapt Alloy's security processes, procedures, and policies (we have strict security requirements and need to provide a lot of documentation to our customers and auditors!)
What we look for
- 5+ years of work experience in Information Security, IT Audit, or Compliance
- Relevant information security certifications preferred (i.e. ECSA, CISM, CISSP)
- Knowledge of regulatory compliance requirements including PCI-DSS, ISO 27001/27002, SOC 2, etc. preferred
- Strong knowledge of information systems security standards and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling)
- Some experience at each level of the stack: network, system, and application security
- Understanding of TCP/IP and network communications
- Strong problem solving and analytical skills, exceptions written and verbal communication skills
- Demonstrated initiative, customer orientation and teamwork competencies
- Ability to manage multiple projects, priorities and deadlines
- Combination of education, training, and experience preferred
Benefits and Perks
- Unlimited PTO and we are remote until 2021 (or until there's a vaccine)
- Company Paid Benefits (Medical, Dental, Vision)
- 401k with 100% match up to 4%
- $500 to just set up your WFH space - a one time thing
- Monthly Commuter Budget
- Monthly stipend for groceries from Public Goods
- Monthly food allowance for Seamless
- Monthly Gym Contribution
- Annual Citi Bike Membership
- Annual $1k Personal Development Budget
- Four Free Therapy Sessions
How to Apply
Apply right here! www.alloy.co/jobs
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We are committed to an inclusive interview experience and provide reasonable accommodations to applicants with visible and invisible disabilities. We encourage applicants to share needed accommodations with their recruiter.