Senior Application Security Engineer

New York City, NY, US
  • Job Type: Full-Time
  • Function: IT
  • Industry: Enterprise
  • Post Date: 06/15/2021
  • Website:
  • Company Address: 41 Elizabeth St #500, New York, NY, 10013


Alloy is a service for reducing false positives during the KYC process. Alloy’s API and dashboard helps financial institutions integrate multiple sources of data and custom CIP rules to both increase the number of customers that can be successfully onboarded without manual review and improve transparency and efficiency into the process.

Job Description

This is Alloy's first dedicated security hire, which comes with a lot of autonomy and responsibility. You'll work with a large part of the engineering org to maintain and enhance our high security standards. We'd like our security team to be supportive, asking the question "how can we get to 'yes'" instead of being gatekeepers.

The following requirements may seem like a lot, but you'll have the resources to tell us what we need. We look forward to working with you and having a domain expert to help us scale our culture of security!

What you will do

  • Contribute to a culture of security at Alloy by helping train staff and being the go-to expert on security practices, tools, and vulnerabilities
  • Stay vigilant and monitor ongoing security threats
    • Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
    • Perform ongoing log analysis and monitoring, and set up alerts to be proactively alerted or concerning activity
  • Proactively layer on security controls and update existing controls to respond to an ever-changing threat environment
    • Implement and configure tools to help us detect and respond to new types of threats
    • Maintain awareness and understanding of Current Vulnerabilities & Exposures relevant to Alloy applications, dependencies, and infrastructure
    • Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
  • Regularly assess the security of our systems and compile reports for our team and our customers
    • Perform periodic security audits, penetration tests, and various tasks to ensure security policy and regulatory compliance
    • Prepare reports that document security incidents and the extent of the damage caused by the incidents
  • Maintain and adapt Alloy's security processes, procedures, and policies (we have strict security requirements and need to provide a lot of documentation to our customers and auditors!)

What we look for

  • 5+ years of work experience in Information Security, IT Audit, or Compliance
  • Relevant information security certifications preferred (i.e. ECSA, CISM, CISSP)
  • Knowledge of regulatory compliance requirements including PCI­-DSS, ISO 27001/27002, SOC 2, etc. preferred
  • Strong knowledge of information systems security standards and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling)
  • Some experience at each level of the stack: network, system, and application security
  • Understanding of TCP/IP and network communications
  • Strong problem solving and analytical skills, exceptions written and verbal communication skills
  • Demonstrated initiative, customer orientation and teamwork competencies
  • Ability to manage multiple projects, priorities and deadlines
  • Combination of education, training, and experience preferred

Benefits and Perks!

  • Unlimited PTO and we are remote until 2021*
  • Company Paid Medical, Dental, Vision Benefits
  • 401k with 100% match up to 4%
  • $500 to just set up your WFH space - a one time thing
  • Annual Professional Development Budget
  • Annual Citi Bike Membership
  • Monthly Commuter Budget 
  • Monthly stipend for groceries from Public Goods
  • Weekly lunch allowance on Seamless
  • Contribution to Lifetime, NYSC, or ClassPass
  • Four Free Therapy Sessions

Powered by VentureLoop- Partner Company Sign In

We use cookies to customize your user experience. Click “Agree” if you agree with our Policy.