Member of the Technical Staff, Security Operations

Founded in 2017, our company is a regulated crypto platform offering integrated financial services and infrastructure solutions to institutions. With the objective of diversifying our team, we seek individuals who embody qualities such as humility, creativity, and a thirst for learning.

As a remote-friendly and globally dispersed team, we also provide the option of working in our offices in New York City, Sioux Falls, Porto, Lisbon, and Singapore. Collaboration is key, prompting us to endorse and sponsor quarterly in-person team sessions for enhanced engagement and cohesion.

The Security Operations team is instrumental in developing and implementing both hardware and software solutions that establish and assess security protocols across various facets of the Anchorage platform - including code, cloud resources, and infrastructure components. This team plays a critical role in identifying and managing vulnerabilities within our system while also collaborating with service owners to fortify networking and infrastructure security. Automation is a key strategy employed by the Security Operations team to enhance efficiency in investigating threats, managing inventory, and ensuring compliance with regulations.

To assure measured impact and foster growth, we have developed a framework, Factors of Growth & Impact, which aids team members in gauging their contributions within the security landscape.

Technical Skills:

• Crafting and managing security automation and tools to detect vulnerabilities through static and dynamic analyses across code and operational systems.
• Executing application security assessments, penetration tests, and code reviews to uncover and address high-risk security issues.
• Developing and executing workflows for vulnerability management, working closely with engineering teams to prioritize and resolve identified issues.
• Establishing and testing security protocols for code, cloud resources, and infrastructure components across the Anchorage platform.

Complexity and Impact of Work:

• Monitoring and addressing security events and configuration anomalies throughout the organization and leading containment efforts.
• Overseeing the vulnerability lifecycle from detection through resolution, ensuring timely closure of identified weaknesses.
• Taking charge or significantly contributing to Security Operations initiatives with minimal supervision, coordinating efforts across teams to bring projects to fruition.
• Deconstructing complex security challenges into manageable tasks with clear scope and timelines, paired with effective communication of options and priorities.
• Providing necessary assurance artifacts and evidence to meet regulated entity requirements and support compliance efforts.
• Balancing speed of response with depth of investigation while adapting approaches based on risk assessment and business impact.

Organizational Knowledge:

• Engaging in the development and implementation of the company's security strategy by aligning Security Operations goals with organizational objectives.
• Acquiring knowledge of emerging threats, vulnerabilities, and industry trends to fortify the company's security posture.
• Maintaining a holistic view of security across the product ecosystem - including applications, infrastructure, and third-party integrations - while fostering a culture of security consciousness.
• Collaborating cross-functionally with Engineering, Infrastructure, and Compliance teams to embed security best practices into development and operational processes.

Communication and Influence:

• Disseminating knowledge across the team through documentation, runbooks, and post-incident reviews to mitigate single points of failure.
• Collaborating with engineering teams to outline security risks and remediation strategies in a clear, actionable manner.
• Cross-team collaboration to review security configurations, address findings, and engage in technical discussions to enhance processes.
• Demonstrating empathy by understanding the perspectives, priorities, and constraints of others in communicating effectively with both technical and non-technical stakeholders.

Qualifications:

• A minimum of 3 years of experience in security engineering, application security, penetration testing, or security operations.
• Proficiency in developing security tools, automations, and workflows using languages such as Python or Go.
• Ability to identify and assess security vulnerabilities in applications, APIs, and cloud infrastructure, with effective communication of remediation strategies.
• Experience with static and dynamic analysis tools for identifying security issues within code and live systems.
• Familiarity with cloud security fundamentals, particularly in AWS.
• Competence in incident response, root cause analysis, and coordinating response efforts.
• Proficiency in computer science fundamentals and a commitment to code quality and operational excellence.
• A focus on security outcomes, end-user experience, and business value in all actions.
• Character traits include creativity, humility, ambition, attention to detail, hard-working, trustworthy, eagerness to learn, methodical, action-oriented, and tenacious.

Additional Skills:

• Experience in bug bounty programs, regulated financial services, blockchain security, open-source tools, or relevant certifications would be advantageous.

Our hiring process may involve AI tools to support recruitment activities but human judgment ultimately guides the final hiring decisions. For further insight into data processing, feel free to reach out to us.