Engineering Manager, Product Security (Infrastructure and Security)
Description:
About the job Engineering Manager, Product Security (Infrastructure and Security)
Engineering Manager, Product Security (Infrastructure and Security)
New York City
Our partners at Alloy solve the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Banks and Fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers.
Through our values: Be Bold, Get Scrappy, Collaborate, and Celebrate Our Differences, we are creating a workplace where you can grow, thrive, and belong. See how they've been continuously recognized and named one of Inc.Magazines Best Workplaces, Forbes Americas Best Startup Employers, Best Fintech to Work for by American Banker, year after year.
Check out our investors and read more about us here.
About the team
Alloys Product Security Team is composed of Application Security and Cloud Security engineers who are responsible for implementing, improving, and maintaining Alloys information security management system, and ensuring the ongoing security of Alloys products and data.
What you'll be doing
Reporting into the VP of Infrastructure & Security, were seeking a leader who will work with a large part of the engineering org to maintain and enhance our high security standards.The Engineering Manager of the Product Security Team will:
Mentor a team of Application Security and Cloud Security engineers
Ensure the confidentiality, integrity, and availability of Alloys systems and data while allowing the business to move forward at a rapid pace
Conduct regular one on ones with members of the product security team, focusing on professional development, positive morale, and continuing momentum
Manage the product security backlog, prioritizing and delegating projects and ensuring their timely delivery
Engage with clients, auditors, and others during a variety of security assessments
Ensure timely security reviews of new and ongoing engineering initiatives
Manage security vendor relationships
Participate in third party security assessments
Conduct recurring security management meetings (access control reviews, security bug bashes, incident response plan reviews, etc)
Participate in risk assessments; lead threat modeling and tabletop security exercises
Manage Alloys vulnerability management program
Ensure vigilance and monitor ongoing security threats
Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
Perform ongoing log analysis and monitoring, and set up alerts to be proactively alerted or concerning activity
Proactively implement security controls and update existing controls to respond to an ever-changing threat environment
Implement and configure tools to help us detect and respond to new types of threats
Maintain awareness and understanding of Current Vulnerabilities & Exposures relevant to Alloy applications, dependencies, and infrastructure
Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
Regularly assess the security of our systems and compile reports for our team and our customers
Perform periodic security audits, penetration tests, and various tasks to ensure security policy and regulatory compliance
Prepare reports that document security incidents and the extent of the damage caused by the incidents
Maintain and adapt Alloy's security processes, procedures, and policies (we have strict security requirements and need to provide a lot of documentation to our customers and auditors!) Who were looking for
3+ years of leadership experience
8+ years of work experience in Application Security, Cloud Security, or Platform Security
Relevant information security and other certifications preferred: CISM, CISSP, AWS Solutions Architect, AWS Security Specialty, and similar
Knowledge of security, governance, risk, and compliance standards, frameworks, and controls such as PCI-DSS, ISO 27001/27002, SOC 2, NIST CSF, CIS Benchmarks, etc.
Practical experience with information systems security standards and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling)
Experience at each level of the stack: network, system, and application security particularly with kubernetes and public cloud.
Knowledge of TCP/IP and network communications.
Knowledge of encryption/ decryption technologies
Experience implementing and configuring common security tooling solutions (SCA, SAST, SIEM, TPAM, DAST, CSPM, EDR, etc)
Strong problem solving and analytical skills, exceptional written and verbal communication skills
Demonstrated experience leading a product security team
Demonstrated initiative, customer orientation and teamwork competencies
Ability to manage multiple projects, priorities and deadlines
Combination of education, training, and experience preferred At Alloy, we strive to attract & retain talent by providing compensation that is competitive with other organizations of our size & stage. We are committed to ensuring each candidate has what they need to be successful in their role with a balanced range of compensation, equity, perks & benefits. We actively share our compensation philosophy with employees, with the goal of fostering open and honest dialogue. Finally, we work to administer our philosophy and drive consistency in order to promote equity and monitor the fairness of each outcome.
The following range is based on the scoped level within the organization and only for NYC: 210-247k
Benefits and Perks
Unlimited PTO and flexible work policy
Medical, dental, vision plans with HSA (monthly employer contribution) and FSA options
401k with 100% match up to 4% of annual employee compensation
Eligible new parents receive 16 weeks of paid parental leave
Home office stipend for new employees
Learning & Development annual stipend
Well-being benefits include access to OneMedical, Headspace, and more
We're a lean team, so your impact will be felt immediately. If this all sounds like a good fit for you, why not join us?