Product Security Engineer

at Alpaca
🔒 Cybersecurity🔵 Mid-level

Job description

Who We Are:

Alpaca is a US California headquartered brokerage infrastructure technology company and self-clearing broker-dealer, delivering execution and custody solutions for Stocks, ETFs, Options, Cryptocurrencies, and more, and has raised over $170 million in funding. Amongst our subsidiaries, Alpaca is a licensed financial services company in multiple countries, and we serve hundreds of financial institutions globally such as broker-dealers, investment advisors, hedge funds, and crypto exchanges.

Alpaca’s globally distributed team members bring in diverse experiences such as engineers, traders, and brokerage professionals to achieve our Mission of opening financial services to everyone on the planet. We are also deeply committed to open-source contributions and fostering a vibrant community. We will continue to enhance and improve our award-winning developer-friendly API and the infrastructure behind it.

Our Team Members:

We’re a team of 150+ globally distributed members who love working from our favorite places worldwide. Our team spans the USA, Canada, Japan, Hungary, Nigeria, Brazil, the United Kingdom, and more!

We’re looking for candidates eager to join Alpaca’s growing organization, who are excited about our Mission of “Open financial services to everyone on the planet and share our Values of “Stay Curious,” “Have Empathy,” and “Be Accountable.”

Your Role:

We are seeking an experienced Product Security Engineer who can help expand our Security efforts and play a critical role in safeguarding Alpaca’s assets from evolving cyber threats to ensure the security and integrity of our products.

In this role, you will play a key part in ensuring the security of Alpaca’s products and infrastructure, protecting our APIs, trading platforms, and customer data from threats. You’ll collaborate closely with our engineering, product, and operations teams to embed security best practices into our development lifecycle, harden our systems, and respond to emerging threats. If you’re excited about security, cutting edge financial tech, and thrive in a fast-paced environment, we’d love to hear from you.

The role requires a deep understanding of Cybersecurity principles, application security, DevSecOps, incident response, cloud security, offensive security, and proactive threat detection with a proven track record of managing security risks and cross functional collaboration. The Security Team is 100% distributed and remote. This role will be reporting directly to the CISO.

Things You Get To Do:

  • Collaborate with Product, Engineering, and DevOps to embed security into our API and platform development lifecycle, working hand-in-hand with our Engineering and Product teams
  • Perform threat modeling and security reviews to spot risks early and keep our products secure
  • Identify, triage, and remediate security vulnerabilities in our codebase, infrastructure, and third-party dependencies, and help respond and manage our bug bounty program
  • Build and tweak automation tools for security testing and monitoring
  • Participate in security incident response efforts, including investigation, containment, and post-mortem analysis, to ensure rapid resolution and continuous improvement
  • Harden our cloud systems (Google Cloud, Kubernetes) and products to meet industry standards and protect against evolving threats
  • Team up with product and DevOps crews to make security seamless without slowing us down
  • Promote a security-first mindset by providing guidance, training, and documentation to team members on secure coding practices and emerging threats
  • Assist with compliance audits and assessments as necessary
  • Conduct security research and contribute to the development of new security tools and techniques.

Who You Are (Must-Haves):

  • Excited about Alpaca’s mission and what we’re building
  • 6-8 years of mixed experience in a security operations, security engineering, product security, and DevSecOps
  • Proficiency in at least one programming language (e.g., Go, Python etc.) and the ability to review and write secure code
  • Experience with API security (e.g., OAuth, JWT, WAF, rate limiting)
  • Experience with cloud security (e.g., Google Cloud, AWS) including DevSecOps and embedding security in the CI/CD pipeline
  • A strong understanding of how to secure containerized environments (e.g., Kubernetes, Docker)
  • Familiarity with security tools such as static code analyzers, vulnerability scanners, and penetration testing frameworks
  • Knowledge of common security vulnerabilities (e.g., OWASP Top 10) and mitigation strategies
  • Strong analytical and problem-solving skills
  • Excellent communication skills and committed to work collaboratively across the Firm
  • Comfortable thriving in a distributed, remote-first team with asynchronous collaboration across time zones
  • A curious mindset, empathy for our users and teams, and a commitment to accountability—aligned with Alpaca’s core values of “Stay Curious,” “Have Empathy,” and “Be Accountable.”
  • Available for on-call rotations and after hour responses as needed

Who You Might Be ( Nice-to-Haves):

  • Bachelor’s degree in Information Technology or a related field
  • Security related certifications such as CISSP, GIAC, OSCP, CRTO, K8s is a plus
  • Experience in securing and monitoring APIs
  • Understanding of financial and privacy regulations
  • Experience in the financial services industry
  • Business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints

How We Take Care of You:

  • Competitive Salary & Stock Options
  • Benefits: Health benefits start on day 1. In the US this includes Medical, Dental, Vision. In Canada, this includes supplemental health care. In Japan, you are offered local benefits. Internationally, this includes a stipend value to offset medical costs.
  • New Hire Home-Office Setup: One-time USD $500
  • Monthly Stipend: USD $150 per month via a Brex Card
  • Work with awesome hard working people, super smart and cool clients and innovative partners from around the world

Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

Recruitment Privacy Policy

Share this job:
Please let Alpaca know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Alpaca logo

Alpaca

Stock & crypto trading API software

  • Founded in 2015
  • 23 remote jobs

Latest Jobs at Alpaca

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply