Engineering Manager, Product Security

Alloy solves the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Banks and Fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers.  

Through our values: Be Bold, Get Scrappy, Collaborate, and Celebrate Our Differences, we are creating a workplace where you can grow, thrive, and belong. See how we’ve been continuously recognized and named one of Inc.Magazine’s Best Workplaces, Forbes America’s Best Startup Employers, Best Fintech to Work for by American Banker, year after year.  

Check out our investors and read more about us here.  

Alloy’s Product Security Team is composed of Application Security and Cloud Security engineers who are responsible for implementing, improving, and maintaining Alloy’s information security management system, and ensuring the ongoing security of Alloy’s products and data. 

Reporting into the VP of Infrastructure & Security, we’re seeking a leader who will work with a large part of the engineering org to maintain and enhance our high security standards. The Engineering Manager of the Product Security Team will:

• Mentor a team of Application Security and Cloud Security engineers
• Ensure the confidentiality, integrity, and availability of Alloy’s systems and data while allowing the business to move forward at a rapid pace
• Conduct regular one on ones with members of the product security team, focusing on professional development, positive morale, and continuing momentum
• Manage the product security backlog, prioritizing and delegating projects and ensuring their timely delivery
• Engage with clients, auditors, and others during a variety of security assessments
• Ensure timely security reviews of new and ongoing engineering initiatives 
• Manage security vendor relationships
• Participate in third party security assessments
• Conduct recurring security management meetings (access control reviews, security bug bashes, incident response plan reviews, etc)
• Participate in risk assessments; lead threat modeling and tabletop security exercises
• Manage Alloy’s vulnerability management program
• Ensure vigilance and monitor ongoing security threats
• Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
• Perform ongoing log analysis and monitoring, and set up alerts to be proactively alerted or concerning activity
• Proactively implement security controls and update existing controls to respond to an ever-changing threat environment
• Implement and configure tools to help us detect and respond to new types of threats
• Maintain awareness and understanding of Current Vulnerabilities & Exposures relevant to Alloy applications, dependencies, and infrastructure
• Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
• Regularly assess the security of our systems and compile reports for our team and our customers
• Perform periodic security audits, penetration tests, and various tasks to ensure security policy and regulatory compliance
• Prepare reports that document security incidents and the extent of the damage caused by the incidents
• Maintain and adapt Alloy's security processes, procedures, and policies (we have strict security requirements and need to provide a lot of documentation to our customers and auditors!)

• 3+ years of leadership experience
• 8+ years of work experience in Application Security, Cloud Security, or Platform Security
• Relevant information security and other certifications preferred: CISM, CISSP, AWS Solutions Architect, AWS Security Specialty, and similar
• Knowledge of security, governance, risk, and compliance standards, frameworks, and controls such as PCI­-DSS, ISO 27001/27002, SOC 2, NIST CSF, CIS Benchmarks, etc.
• Practical experience with information systems security standards and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling)
• Experience at each level of the stack: network, system, and application security – particularly with kubernetes and public cloud.
• Knowledge of TCP/IP and network communications.
• Knowledge of encryption/ decryption technologies
• Experience implementing and configuring common security tooling solutions (SCA, SAST, SIEM, TPAM, DAST, CSPM, EDR, etc)
• Strong problem solving and analytical skills, exceptional written and verbal communication skills
• Demonstrated experience leading a product security team
• Demonstrated initiative, customer orientation and teamwork competencies
• Ability to manage multiple projects, priorities and deadlines
• Combination of education, training, and experience preferred

At Alloy, we strive to attract & retain talent by providing compensation that is competitive with other organizations of our size & stage. We are committed to ensuring each candidate has what they need to be successful in their role with a balanced range of compensation, equity, perks & benefits. We actively share our compensation philosophy with employees, with the goal of fostering open and honest dialogue. Finally, we work to administer our philosophy and drive consistency in order to promote equity and monitor the fairness of each outcome.

• Unlimited PTO and flexible work policy
• Medical, dental, vision plans with HSA (monthly employer contribution) and FSA options
• 401k with 100% match up to 4% of annual employee compensation 
• Eligible new parents receive 16 weeks of paid parental leave 
• Home office stipend for new employees
• Learning & Development annual stipend
• Well-being benefits include access to OneMedical, Headspace, and more

We're a lean team, so your impact will be felt immediately. If this all sounds like a good fit for you, why not join us?

Apply right here. You've found the application!

Alloy is proud to be an equal opportunity workplace and employer. We’re committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status. We are committed to an inclusive interview experience and provide reasonable accommodations to applicants with visible and invisible disabilities. We encourage applicants to share needed accommodations with their recruiter.