Product Security Engineer

Remote Full-time
Who We Are:Alpaca is a US California headquartered brokerage infrastructure technology company and self-clearing broker-dealer, delivering execution and custody solutions for Stocks, ETFs, Options, Cryptocurrencies, and more, and has raised over $170 million in funding. Amongst our subsidiaries, Alpaca is a licensed financial services company in multiple countries, and we serve hundreds of financial institutions globally such as broker-dealers, investment advisors, hedge funds, and crypto exchanges.Alpaca’s globally distributed team members bring in diverse experiences such as engineers, traders, and brokerage professionals to achieve our Mission of opening financial services to everyone on the planet. We are also deeply committed to open-source contributions and fostering a vibrant community. We will continue to enhance and improve our award-winning developer-friendly API and the infrastructure behind it.Our Team Members:We’re a team of 200+ globally distributed members who love working from our favorite places worldwide. Our team spans the USA, Canada, Japan, Hungary, Nigeria, Brazil, the United Kingdom, and more!We’re looking for candidates eager to join Alpaca’s growing organization, who are excited about our Mission of “Open financial services to everyone on the planet and share our Values of “Stay Curious,” “Have Empathy,” and “Be Accountable.”Your Role:We are seeking an experienced Product Security Engineer who can help expand our Security efforts and play a critical role in safeguarding Alpaca’s assets from evolving cyber threats to ensure the security and integrity of our products. In this role, you will play a key part in ensuring the security of Alpaca’s products and infrastructure, protecting our APIs, trading platforms, and customer data from threats. You’ll collaborate closely with our engineering, product, and operations teams to embed security best practices into our development lifecycle, harden our systems, and respond to emerging threats. If you’re excited about security, cutting edge financial tech, and thrive in a fast-paced environment, we’d love to hear from you. The role requires a deep understanding of Cybersecurity principles, application security, DevSecOps, incident response, cloud security, offensive security, and proactive threat detection with a proven track record of managing security risks and cross functional collaboration. The Security Team is 100% distributed and remote. This role will be reporting directly to the CISO.Things You Get To Do:Collaborate with Product, Engineering, and DevOps to embed security into our API and platform development lifecycle, working hand-in-hand with our Engineering and Product teamsPerform threat modeling and security reviews to spot risks early and keep our products secureIdentify, triage, and remediate security vulnerabilities in our codebase, infrastructure, and third-party dependencies, and help respond and manage our bug bounty programBuild and tweak automation tools for security testing and monitoringParticipate in security incident response efforts, including investigation, containment, and post-mortem analysis, to ensure rapid resolution and continuous improvementHarden our cloud systems (Google Cloud, Kubernetes) and products to meet industry standards and protect against evolving threatsTeam up with product and DevOps crews to make security seamless without slowing us downPromote a security-first mindset by providing guidance, training, and documentation to team members on secure coding practices and emerging threatsAssist with compliance audits and assessments as necessaryConduct security research and contribute to the development of new security tools and techniques.Who You Are (Must-Haves):Excited about Alpaca’s mission and what we’re building6-8 years of mixed experience in a security operations, security engineering, product security, and DevSecOpsProficiency in at least one programming language (e.g., Go, Python etc.) and the ability to review and write secure codeExperience with API security (e.g., OAuth, JWT, WAF, rate limiting) Experience with cloud security (e.g., Google Cloud, AWS) including DevSecOps and embedding security in the CI/CD pipelineA strong understanding of how to secure containerized environments (e.g., Kubernetes, Docker)Familiarity with security tools such as static code analyzers, vulnerability scanners, and penetration testing frameworksKnowledge of common security vulnerabilities (e.g., OWASP Top 10) and mitigation strategiesStrong analytical and problem-solving skillsExcellent communication skills and committed to work collaboratively across the FirmComfortable thriving in a distributed, remote-first team with asynchronous collaboration across time zonesA curious mindset, empathy for our users and teams, and a commitment to accountability—aligned with Alpaca’s core values of "Stay Curious," "Have Empathy," and "Be Accountable."Available for on-call rotations and after hour responses as neededWho You Might Be (Nice-to-Haves): Bachelor’s degree in Information Technology or a related fieldSecurity related certifications such as CISSP, GIAC, OSCP, CRTO, K8s is a plusExperience in securing and monitoring APIsUnderstanding of financial and privacy regulationsExperience in the financial services industryBusiness acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraintsHow We Take Care of You:Competitive Salary Stock OptionsHealth BenefitsNew Hire Home-Office Setup: One-time USD $500Monthly Stipend: USD $150 per month via a Brex CardAlpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.AlpacaRecruitmentPrivacyPolicy.pdf">Recruitment Privacy PolicyOriginally posted on Himalayas

Apply Now
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Outside Sales Representative

Remote

Field Executive Cote d'Ivoire

Remote

Community Management Intern

Remote

[Work From Home] Customer Advocate- FULLY REMOTE

Remote

Aetna Remote Careers NJ $34/Hour

Remote

College and Career Readiness Student Advisor (Part-Time; Temporary)

Remote

Experienced Associate Data Engineer for Remote Work from Home Opportunities - Data Analysis and Technical Support Specialist

Remote

HR Student Office Worker

Remote

[Remote] Staff Developer, AI

Remote

Fall 2026 Criminal Justice and Homeland Security Program Adjunct Professor

Remote
← Back