Anchorage Digital - Member of Technical Staff, Security Operations

• Build and maintain security automation and tooling to detect vulnerabilities through static and dynamic analysis across code and live systems. • Conduct application security assessments, penetration tests, and code reviews to identify high-risk security issues and provide secure development guidance. • Develop and operate vulnerability management workflows, partnering with engineering teams to prioritize and remediate findings. • Establish and test security guardrails for code, cloud resources, and infrastructure components throughout the Anchorage platform. • Complexity and Impact of Work: • Monitor and respond to security events and configuration anomalies across the organization, leading investigation and containment efforts. • Manage the full vulnerability lifecycle from discovery through remediation, tracking progress and ensuring timely closure of findings. • Lead or substantially contribute to Security Operations initiatives with minimal oversight, coordinating across team boundaries to drive projects to completion. • Break complex security problems into manageable workstreams with accurate scope and time estimates. Present options clearly and provide well-reasoned priority recommendations. • Deliver assurance artifacts and evidence for regulated entity requirements, supporting audit and compliance efforts. • Balance speed of response with thoroughness of investigation, adapting approach based on risk and business impact. • Organizational Knowledge: • Understand and help implement the company's security strategy by participating in planning and defining Security Operations goals in alignment with Anchorage Digital's overall objectives. • Stay alert to emerging threats, vulnerabilities, and industry trends that could affect organizational security posture. • Consider security holistically across the product ecosystem—applications, infrastructure, and third-party integrations—while fostering a security-first culture. • Collaborate cross-functionally with Engineering, Infrastructure, and Compliance teams to embed security into development and operational processes. • Communication and Influence • Partner with engineering teams to explain security risks and remediation approaches, translating technical findings into actionable guidance. • Collaborate across teams to review security configurations, triage findings, and engage in technical discussions. Communicate insights and recommendations clearly to improve processes. • Demonstrate empathy by understanding others' context, priorities, and constraints—adapting communication style to maximize effectiveness with both technical and non-technical audiences. • You may be a fit for this role if you have: • Security Operations or AppSec experience: You have 3+ years of hands-on experience in security engineering, application security, penetration testing, or security operations. • Security tooling and automation: You have built or maintained security tools, integrations, or automation workflows using Python, Go, or similar languages. • Vulnerability assessment: You can identify and assess security vulnerabilities in applications, APIs, and cloud infrastructure, and effectively communicate remediation strategies. • Static and dynamic analysis: You have experience with tools like Semgrep, CodeQL, Burp Suite, or equivalent for identifying security issues in code and running systems. • Cloud security: You understand AWS security fundamentals including IAM, VPCs, security groups, and CloudTrail/logging. • Incident response: You can investigate security events, perform root cause analysis, and coordinate response efforts. • You have developed "computer science fundamentals," i.e. concurrency, algorithms, and data structures. • You genuinely care about code quality and operational excellence. • You prioritize security outcomes, end-user experience, and business value over "cool tech." • You self-describe as some combination of the following: creative, humble, ambitious, detail-oriented, hardworking, trustworthy, eager to learn, methodical, action-oriented, and tenacious. • Although not a requirement, bonus points if: • You have experience running or participating in bug bounty programs (HackerOne, Bugcrowd, etc.). • You have worked in a regulated financial services, fintech, or crypto environment. • You have exposure to blockchain security, smart contract auditing, or Web3 technologies. • You have built or contributed to open-source security tools. • You hold relevant certifications (OSCP, GWAPT, GCIH, AWS Security Specialty, etc.). • You read blockchain protocol white papers for fun, and stay up to date with the proliferation of crypto-asset innovations. • You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system. :)