Who we are

Albert is a new type of financial service that uses powerful technology to automate your finances, with a team of human experts to guide you. Albert saves and invests automatically for you, helps you avoid overdrafts, finds savings you’re missing, identifies bills you’re overpaying, and much more. Text Albert a financial question, and our geniuses won’t just offer guidance — they’ll help you take action.

We're an LA-based startup with a proven business model, backed by top-tier institutional investors and have over 8 million users who have trusted Albert to help them achieve their financial goals. We're on a mission to democratize money management through our simple, beautifully designed product, and we're looking for thoughtful, talented people to join us on our journey. 

About the role

Security is core to Albert’s mission and critical to how we build our products from inception and design to deployment in the cloud. This role will help Albert maintain security at speed and scale. As the Director of Security Engineering, you will be a part of our Platform Team and lead all security engineering practices at Albert. In this role, you will shape and advance the security posture of a wide variety of products offered as part of our mobile-based financial management platform. Your responsibilities include but not limited to, evolving and executing Albert’s security lifecycle and growing it to the next level of maturity, defining and operationalizing security & privacy standards, architecting secure services, performing threat models and security assessments, providing training and deep guidance on remediation and security best practices.

To be successful in this role, you must have both broad and deep, hands-on expertise in enabling the building of secure mobile-first products powered by the cloud. You must also have extensive experience with integrating security early into the product lifecycle to build them from the ground up to meet business needs, regulatory requirements and address emerging threats. You must be able to coordinate and work effectively with Product Engineering teams, DevOps, Product Management, Technology and Service Vendors, Suppliers, and Customers on all aspects of the security lifecycle from requirements & architecture design to solution deployment.

Things you're good at

• Ownership: Dive in and take ownership of activities like code security reviews, threat modeling, static and dynamic security testing, and conducting security training for developers. 
• Architecture: Provide application security guidance and oversight across Engineering and Product teams. 
• Organization: Work across various layers of our company in an inspired, efficient way. Provide hands-on remediation guidance to teams across the organization.
• Prioritization: Prioritize initiatives to demonstrate alignment with our business strategy and value propositions. Communicate priorities and drive consensus on the path forward. Identify, prioritize, and promote security practices that create the most impact in reducing overall security risk of our applications.
• Collaboration: We bring out the best in each other. We're looking for people who will bring out the best in all of us. This role should seek to influence the design and implementation of upcoming products and services with security and privacy design in mind.

Responsibilities

• Drive Albert’s security engineering program by working across the organization with various product/engineering and operations teams as well as partners and customers
• Ensure Albert’s products/services are built and delivered with security and privacy principles from the ground up
• Develop and maintain threat models for Albert products and services and train engineering teams to develop attacker/risk-driven design skills
• Provide deep expertise to engineering teams on secure software, firmware & cloud development practices including secure design, secure coding, and security testing
• Own and drive the device identity lifecycle, including end-to-end secure certificate management processes and automated workflows
• Develop, document, and manage the device security standards and design patterns to deliver consistent and secure IoT services
• Provide scalable hands-on design & remediation guidance to address security issues at a framework/platform level as opposed to fixing issues in an isolated manner
• Assess the effectiveness and implement improvements to security vulnerability and incident management processes and technologies
• Build solutions/automation to help scale security at the speed of the business
• Identify, measure, and report security metrics to indicate production risk and effectiveness of security processes & tools
• Build a team of strong security engineers and act as their mentor
• Educate various other teams across the organizations on the security risks to the business and how they can be mitigated
• Be a strong thought leader and stay up to date with the latest security threats, techniques to mitigate them across different technologies, and champion support for your ideas to mitigate them across different technologies, and champion support for your ideas

Requirements

• 10+ years of related experience, specifically in Security Engineering, Security Operations, Product Security, Product Security Incident Response (PSIRT), Computer Security Incident Response Team (CSIRT), Risk Management or Information Systems
• 10+ years in an enterprise-scale information security engineering role, with at least 2 years in a leadership position
• Strong project management skills: planning, organizing, monitoring and reporting on project activities
• Experience in PSIRT, CSIRT, incident response and/or vulnerability response
• Ability to be effective in a remote global work environment
• Experience with event/incident response tooling/suites and alert design within the SIEM
• Deep Knowledge of TCP/IP and other application and network-level protocols
• Ability to lead the public communication and release of product security vulnerabilities working with business units, Mitre, Customer teams, and CustomersUnderstanding of containerization and containerized applications, their security weaknesses and how to secure them
• Understanding of and experience with patch automation, security orchestration, and management tooling for on-premise, private cloud, and cloud infrastructure

Benefits

• Competitive salary and meaningful equity
• Health, vision and dental insurance
• Meals provided
• Monthly wellness stipend
• 401k match

This California Privacy Notice applies to personal information of California job applicants that Albert collects and processes as it relates to the submission of a job application.