Flourish Security Automation Engineer
The Opportunity
Flourish was founded in 2017 with the goal of helping financial advisors to better secure the financial futures of their clients. We focus on independent Registered Investment Advisers (RIAs), delivering financial products that advisors can't easily access today through beautiful, scalable, and easy-to-use technology.
Today, we work with over 400 RIAs that collectively represent more than $1 trillion in assets under management across two products: Flourish Cash, a cash management solution with more than $1B in deposits, and Flourish Crypto, a turnkey cryptocurrency offering built for financial advisors and their clients. In February of 2021, we joined MassMutual to continue our journey in partnering with the independent RIA community to help more people reach their financial goals.
Read on if you are interested in joining a small, highly collaborative, rapidly growing startup—backed by the support and stability of a Fortune 500 company.
About You
You love automation and want to have your hands on a keyboard securing a high-velocity environment with demanding security posture requirements. You appreciate that in a heavily federated security environment, your infrastructure and application partners are contributing to security in a timebox. You understand how automation reduces their toil and how providing clean, well-summarized data supports their security responsibilities. Additionally, you're someone that loves and understands the value of writing clean, concise, modular, and well-tested code.
With an eye for assessing code and data quality, you understand how it creates automation opportunities and supports decision-making. Communication with internal partners is important - you understand the change impact of your work, when to seek feedback about production and workflow impact, and how to budget change so that partners can keep pace. Juggling a large range of opportunities for automation is exciting and you can work under self-imposed timebox constraints. You are thrilled at never having to do Governance, Regulations, and Controls; however, you appreciate the need to meet security standards, show basis for judgment, and enable machine-readable auditability and metrics as primary automation features and design considerations, treating this as an aspect of Site Reliability Engineering for modern operations.
While deep technical skills across a wide range of domains are critical to success with us, we're primarily looking for fast learners who are passionate about security and are constantly researching to stay ahead of the newest threats. We want to support your growth as an ambitious and motivated generalist. You are analytical, love to problem solve and understand the importance of collaboration. You constantly look for ways to improve operations and are able to manage projects independently.
About the Role
We're looking for the next Security Automation Engineer to join the growing team at Flourish. This person will be responsible for archetyping and building out the security platform for a fast-growing and heavily regulated fintech. In partnership with our Head of Security, you will configure, deploy and maintain our security measures while always looking for ways to improve how things are done. Across the platforms that we use, you'll make recommendations for data protection, drive adherence to compliance requirements by overseeing continuous monitoring activities and incident response, and analyze network architectures to assess risks. You'll evaluate and support the documentation, validation, assessment, and accreditation processes necessary to ensure that our systems meet the necessary standards. The CloudOps team will work closely with you to implement core and cloud infrastructure security to manage risks and exposure across the firm. You'll partner with our Risk & Controls team to ensure that everything we do is compliant with the needs for our platform.
Qualifications
Bachelor's degree in Computer Science, Math, Physics or Engineering or equivalent experience.
10+ years of professional software engineering experience, preferably in a Cloud Environment
5+ years of experience with programming and scripting languages (Python, Bash, PowerShell, and similar).
Expertise in reading, writing, and auditing Python, JavaScript, and Java (or similar language) and the ability to pick up new languages/technologies
Experience automating operational processes with an event-driven architecture, preferably in an AWS environment.
Experience developing and deploying serverless applications in AWS environments, using AWS services such as API Gateway, Lambda, Step Functions, SQS, SNS, EventBridge, and DynamoDB.
Developing data pipelines to perform analysis and generate reports of an event or log stream, preferably using a workflow orchestration system like Airflow or Argo Workflows.
Enriching alerts with metadata, automating incident responses.
Subject matter expert in secure network design and system architecture
A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations on Windows and Linux platforms
The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
Experience developing custom tools when necessary
Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAuth, SAML, RADIUS, LDAP, Kerberos, etc.)
Experience leading or performing static and dynamic analysis on customer facing applications, websites, and large enterprise networks
Nice to haves
Hands-on experience with delivery via DevOps processes. For example, using GitHub pull requests, code reviews, automated code hygiene checks like git hooks and developing CI/CD pipelines.
Familiarity with SRE methodologies.
Deploying Infrastructure as Code (IaC) with Terraform.
Developing Policy as Code using Rego and Open Policy Agent.
Ability to build and deploy containerized applications.
Ability to write unit and integration tests, develop checks for security and compliance controls, and/or experience implementing validation/correctness checks (e.g. code coverage for testing, SBOMs for software supply chain, AWS formal verification facilities like IAM Access Analyzer, Network Reachability Analyzer)
Familiarity with security and privacy frameworks, particularly CIS, NIST CSF/PF, and Cloud Security Alliance.
Systems administration and automation in Windows-, Linux-, and MacOS-based operating system environments.
Endpoint management (e.g., AWS Systems Manager, UEM/MDM, Jamf, or EDR).
Prefer hands-on experience with DevOps deployment strategies and tools (Jenkins, CircleCI)
Experience with infrastructure automation (CloudFormation, Terraform) and configuration management tools (Ansible, Chef, Puppet, and similar) preferred.
At Flourish, we focus on ensuring fair, equitable pay by providing competitive salaries, along with bonus and incentive opportunities and benefits for all employees.
MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
Offers of employment are contingent on the completion of satisfactory references, background investigation, and (if applicable) any federal securities law requirements/FINRA regulations (including fingerprinting) and/or passing of a drug screening.
At MassMutual, we focus on ensuring fair, equitable pay by providing competitive salaries, along with incentive and bonus opportunities for all employees. Your total compensation package includes either a bonus target or in a sales-focused role a Variable Incentive Compensation component. For more information about our extensive benefits offerings please check out our Total Rewards at a Glance.