Member of Technical Staff, Security Engineering, AppSec Focus
Anchorage Digital
Technical Skills:
- Identify issues and promote best practice in our secure, resilient, and globally scalable infrastructure.
- Review code across the entire stack and assist other engineering teams in solving these issues with technical guardrails.
- Promote an efficient testing culture, minimizing technical debt and bureaucracy.
Complexity and Impact of Work:
- Enhance our Vulnerability Management program by identifying and addressing issues. Collaborate with engineering teams responsible for various services and products to ensure effective remediation.
- Automate manual tasks into continuous testing facilities to ensure Anchorage Digital is ready to scale securely.
- Independently drive work and lead or significantly contribute to medium-to-large Security Team initiatives. These projects often involve multiple team members and may cross engineering team boundaries. Lead projects from start to finish with minimal oversight, coordinating activities of other team members.
- Break down large projects into smaller tasks. Estimate the time and scope of these tasks accurately. Clearly present the different options considered, analyze trade-offs, and justify the recommended priorities.
- Work is reviewed upon completion and is consistent with departmental objectives. May be accountable for delivering tactical business targets that impact their team.
- Contribute high-quality code and infrastructure, making significant technical contributions to our platform. Monitor and address technical debt, and identify opportunities for improvement.
Organizational Knowledge:
- Understand the company's strategy to help ensure its successful implementation. Participate in planning and defining the Security Team's strategic goals in alignment with the overall goals of Anchorage Digital.
- Monitor for the development of company objectives and trends that might impact its success.
- Thoroughly consider security across the entire product ecosystem and foster a company culture that prioritizes it.
- Strike the right balance between rapid progress (shipping quickly) and precision (measuring twice).
Communication and Influence:
- Ensure knowledge is shared throughout the broader team and avoid positioning anyone as a single point of failure.
- Mentor and guide multiple engineers throughout the Engineering team. Help them understand how security impacts Anchorage Digital’s strategic goals, empowering them to develop new technologies and services safely with proper oversight and assurance.
- Collaborate across teams and services to solve problems. Review specs from other teams and engage in technical discussions. Clearly communicate insights, recommendations, and ideas to improve processes and address the technical backlog.
- Understand the context, needs, motivations, emotions, and concerns of others, and adjust communication to maximize impact and effectiveness.
You may be a fit for this role if you have:
- You have real world experience and skills in the following security fundamentals:
- Threat Modeling: Ability to identify potential threats and vulnerabilities in applications.
- Vulnerability Management: Monitoring dependencies and versions, conducting security assessments and testing, and code reviews.
- Secure Coding Practices: Ensuring applications are developed following secure coding standards and practices, resilient to vulnerabilities.
- Cryptography: Ability to validate usage of encryption technologies, digital signatures, and authentication protocols.
- Authentication and Authorization: Implementing robust authentication and authorization mechanisms.
- You have real world experience using:
- Web: JavaScript, HTML, CSS, and REST APIs.
- Mobile: iOS applications, Swift
- Security Tools: Burp Suite, OWASP ZAP, Nessus, Metasploit, and Wireshark.
- You have developed “computer science fundamentals”, i.e. concurrency, algorithms, and data structures (Formal CS degree NOT required).
- You’re familiar with common standards and frameworks such as OWASP, NIST, ISO27001, and PCI-DSS.
- You genuinely care about code quality and test infrastructure.
- You prioritize end-user experience and business value over “cool tech.”
- You self-describe as some combination of the following: creative, humble, ambitious, detail-oriented, hardworking, trustworthy, eager to learn, methodical, action-oriented, and tenacious.
Although not a requirement, bonus points if:
- In your mind the word “crypto” stands for cryptography, not cryptocurrency.
- You read blockchain protocol white papers for fun, and stay up to date with the proliferation of cryptoasset innovations.
- You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system. :)