Engineering Manager, Product Security (Infrastructure ...

About the job Engineering Manager, Product Security (Infrastructure and Security) Engineering Manager, Product Security (Infrastructure and Security)New York CityOur partners at Alloy solve the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Banks and Fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers. Through our values: Be Bold, Get Scrappy, Collaborate, and Celebrate Our Differences, we are creating a workplace where you can grow, thrive, and belong. See how they've been continuously recognized and named one of Inc.Magazines Best Workplaces, Forbes Americas Best Startup Employers, Best Fintech to Work for by American Banker, year after year. Check out our investors and read more about us here. About the teamAlloys Product Security Team is composed of Application Security and Cloud Security engineers who are responsible for implementing, improving, and maintaining Alloys information security management system, and ensuring the ongoing security of Alloys products and data. What you'll be doingReporting into the VP of Infrastructure & Security, were seeking a leader who will work with a large part of the engineering org to maintain and enhance our high security standards.The Engineering Manager of the Product Security Team will:Mentor a team of Application Security and Cloud Security engineersEnsure the confidentiality, integrity, and availability of Alloys systems and data while allowing the business to move forward at a rapid paceConduct regular one on ones with members of the product security team, focusing on professional development, positive morale, and continuing momentumManage the product security backlog, prioritizing and delegating projects and ensuring their timely deliveryEngage with clients, auditors, and others during a variety of security assessmentsEnsure timely security reviews of new and ongoing engineering initiatives Manage security vendor relationshipsParticipate in third party security assessmentsConduct recurring security management meetings (access control reviews, security bug bashes, incident response plan reviews, etc)Participate in risk assessments; lead threat modeling and tabletop security exercisesManage Alloys vulnerability management programEnsure vigilance and monitor ongoing security threatsAnalyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessmentsPerform ongoing log analysis and monitoring, and set up alerts to be proactively alerted or concerning activityProactively implement security controls and update existing controls to respond to an ever-changing threat environmentImplement and configure tools to help us detect and respond to new types of threatsMaintain awareness and understanding of Current Vulnerabilities & Exposures relevant to Alloy applications, dependencies, and infrastructureMake sure vulnerable applications or systems are being promptly updated and vulnerabilities remediatedRegularly assess the security of our systems and compile reports for our team and our customersPerform periodic security audits, penetration tests, and various tasks to ensure security policy and regulatory compliancePrepare reports that document security incidents and the extent of the damage caused by the incidentsMaintain and adapt Alloy's security processes, procedures, and policies (we have strict security requirements and need to provide a lot of documentation to our customers and auditors!)Who were looking for3+ years of leadership experience8+ years of work experience in Application Security, Cloud Security, or Platform SecurityRelevant information security and other certifications preferred: CISM, CISSP, AWS Solutions Architect, AWS Security Specialty, and similarKnowledge of security, governance, risk, and compliance standards, frameworks, and controls such as PCI-DSS, ISO 2700127002, SOC 2, NIST CSF, CIS Benchmarks, etc.Practical experience with information systems security standards and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling)Experience at each level of the stack: network, system, and application security particularly with kubernetes and public cloud.Knowledge of TCPIP and network communications.Knowledge of encryption decryption technologiesExperience implementing and configuring common security tooling solutions (SCA, SAST, SIEM, TPAM, DAST, CSPM, EDR, etc)Strong problem solving and analytical skills, exceptional written and verbal communication skillsDemonstrated experience leading a product security teamDemonstrated initiative, customer orientation and teamwork competenciesAbility to manage multiple projects, priorities and deadlinesCombination of education, training, and experience preferredAt Alloy, we strive to attract & retain talent by providing compensation that is competitive with other organizations of our size & stage. We are committed to ensuring each candidate has what they need to be successful in their role with a balanced range of compensation, equity, perks & benefits. We actively share our compensation philosophy with employees, with the goal of fostering open and honest dialogue. Finally, we work to administer our philosophy and drive consistency in order to promote equity and monitor the fairness of each outcome.The following range is based on the scoped level within the organization and only for NYC: 210-247kBenefits and Perks Unlimited PTO and flexible work policyMedical, dental, vision plans with HSA (monthly employer contribution) and FSA options401k with 100% match up to 4% of annual employee compensation Eligible new parents receive 16 weeks of paid parental leave Home office stipend for new employeesLearning & Development annual stipendWell-being benefits include access to OneMedical, Headspace, and moreWe're a lean team, so your impact will be felt immediately. If this all sounds like a good fit for you, why not join us?

Created: 2025-01-31