Senior Security Engineer
Greater LA Area
At Aspiration, we created the category of sustainable, socially responsible retail consumer finance. We offer unique financial products to let people save, spend, and invest their money in ways that make them more financially secure and align with their personal values. Unlike other financial institutions, Aspiration is committed to building a relationship with our customers based on trust and aligning the customer’s success with our own. Aspiration has raised over $115M in funding to date, and is growing quickly.
The Senior Security Engineer is responsible for assisting with the implementation and maintenance of the corporate information security program to ensure the confidentiality, integrity, and availability of Aspiration data assets. The program includes enforcing policies, standards, guidelines, and controls to manage and prevent risk to Aspiration. As a senior staff member, this individual will work directly with the business units and outside vendors to review and evaluate security controls to ensure they meet Aspiration’s standards.
What You'll Do
- Conduct risk assessments against systems and processes to ensure appropriate controls are in place and recommend/implement controls to remediate risk findings.
- Participate in developing, testing, and improving the incident response program.
- In coordination with the Information Technology department, ensure new employees are properly onboarded and exiting employees are promptly offboarded.
- Document information security policies, procedures, and tests.
- Administer and maintain security systems and tools, including software updates, configuration, and control reviews.
- Review output from security systems and tools (reports and log data) to ensure normal operations and detection of anomalous behavior.
- Collaborate with DevOps to ensure cloud security and promote DevSecOps.
- Work with vendors and third parties to understand their processes, technology, and/or applications to ensure appropriate security controls are in place to protect Aspiration and its data. Review vendors’ SOC reports.
- Conduct security reviews against new processes, technology, and applications.
- Research, evaluate, and select security tools to improve the security of Aspiration.
- Conduct regular vulnerability assessments and lead projects for penetration tests.
- Safeguard sensitive information by working with business units and vendors/third parties to determine and enforce appropriate access levels.
- Identify regulatory and legal requirements that may affect data and application security policy, standards, and procedures.
- Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud scams, and best practices and tools available for system/network protection. Train users and promote security awareness to ensure system security.
- Exercise appropriate levels of discretion and confidentiality when addressing security-related incidents.
- Assist in internal and external audit requests.
- Ensure Aspiration data is securely protected from internal and external, intentional and unintentional access, alteration, and deletion.
What You'll Bring
- Bachelor's degree in computer science, information security, engineering, or related technology field.
- 5+ years of relevant experience in IT and Information Security.
- Relevant security, privacy, or auditing certifications such as: CISSP, CCSP, CISA, CRISC, CIPP, CIPT, or PCI ISA or QSA.
- Knowledge and understanding of a “cloud-first” architecture and hybrid or on-premise architectures.
- Knowledge and understanding of modern security tools for: log management, SIEM, SSO, IDM, IAM, NGAV, MDM, DLP, CASB, etc.
- Knowledge and understanding of security vulnerabilities and hacking techniques.
- Knowledge and understanding of DevOps security.
- Knowledge of regulations and policies pertaining to information security.
- Ability to document security controls and create data flow diagrams.
- Previous fintech, banking, credit union, investment firm, or mortgage industry knowledge.
- Knowledge of regulatory and legal requirements (GLBA, California SB 1386, AB 375, etc.)
- Knowledge of cyber security banking, registered investment advisor, and broker-dealer compliance requirements (FFIEC, OCC, FINRA).
- Knowledge of PCI requirements.
- Knowledge of standards including SSAE 18, ISO 27000, NIST, CIS, etc.
What You'll Get
- Making an impact for a company with a mission of transforming the financial industry and the lives of millions
- Competitive salary and equity incentives
- Robust healthcare plans, 401K and unlimited vacation time
- Dog-friendly office in beautiful Marina del Rey with an in-office gym
- Diverse & inclusive culture