DevSecOps Engineer jobs in United States

Alpaca · 1 day ago

DevSecOps Engineer

Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure company. They are seeking a DevSecOps Engineer to own the intersection of security, reliability, and DevOps, focusing on embedding security throughout their infrastructure and software development lifecycle.

Developer APIs · Financial Services · FinTech · Trading Platform
H1B Sponsor Likely

Responsibilities

Embed security into CI/CD pipelines by implementing and owning secure controls, including Infrastructure as Code (IaC) scanning, Software Composition Analysis (SCA), secrets checks, policy-as-code, and deployment guardrails
Lead the process of vulnerability and patch management, automating discovery, prioritization, and remediation across all cloud workloads and their dependencies
Strengthen cloud and Kubernetes environments through secure configurations, network segmentation, workload identity management, and automated compliance against industry standards (e.g., CSA Star)
Advance the security of the software supply chain, focusing on generating Software Bill of Materials (SBOMs), artifact signing, dependency governance, and implementing integrity controls
Create secure 'paved roads' for developers, providing hardened IaC modules, templates, tooling, and comprehensive documentation
Own and validate cyber-resiliency standards (secure failover, secure backups, Disaster Recovery playbooks) through secure rehearsals to ensure both the availability and integrity of systems and data
Develop secure deployment patterns, such as canary rollouts, automated safe rollbacks, and guardrails to minimize blast radius
Improve detection and response capabilities by building high-signal alerts, enhancing forensic logging, and providing robust security telemetry. Partner with the SecOps team on incident handling
Help manage offensive security engagements (penetration testing, red team, bug bounty) and ensure findings are fed directly into remediation pipelines and risk prioritization
Conduct security reviews and threat modeling for all new services and major architecture changes to ensure designs are secure-by-default
Strengthen the identity and access model by enforcing the principle of least privilege, strong authentication, and secure secrets lifecycle management
Support compliance and audit readiness by operationalizing security controls, producing necessary evidence, and maintaining the health of these controls
Champion a strong security culture by partnering with DevOps and Engineering teams to uplift secure coding practices and guide risk-based decision-making
Define key security performance indicators (KPIs) such as time to detect, time to remediate, exposure scores, and percentage of infrastructure covered by automated controls, and report measurable improvements to leadership

Qualifications

DevSecOps, Cloud Security, Kubernetes, Terraform, CI/CD Security, Vulnerability Management, Identity & Access Management, Detection Engineering, Scripting Python, Scripting Go, Incident Response, Security Culture, Compliance & Audit, Business Acumen

Required

Excited about Alpaca's mission and what we're building
5+ years of experience across DevSecOps, security engineering, or cloud security in a modern cloud-native environment
Strong hands-on experience with CSPs, Kubernetes, Terraform, and container security
Deep understanding of secure CI/CD, including IaC security, dependency/SCA, secrets scanning, and policy-as-code
Solid background in identity & access security
Experience automating vulnerability management and patching workflows across cloud and container ecosystems
Strong familiarity with detection engineering, logging/telemetry, and partnering in incident response
Proficient in a scripting/programming language (Python, Go, or similar) for automation and security tooling
Comfortable working cross-functionally with DevOps and Engineering teams, explaining risk in practical terms, and influencing secure design
Comfortable participating in on-call rotations

Preferred

Experience securing financial, trading, or other highly regulated platforms
Knowledge of regulatory frameworks common in fintech (SOC 2, ISO 27001, PCI)
Experience with supply-chain security (SBOMs, Sigstore, artifact signing) or software integrity programs
Familiarity with offensive security, bug bounty triage, or penetration testing
Security or cloud certifications (CISSP, OSCP, GIAC, GCP/AWS Security)
Bachelor's degree in Computer Science, Information Security, or equivalent experience
Business acumen to balance tradeoffs among stakeholders, technology feasibility, and budget constraints

Benefits

Competitive Salary & Stock Options
Health Benefits
New Hire Home-Office Setup: One-time USD $500
Monthly Stipend: USD $150 per month via a Brex Card

Company

Alpaca

Alpaca is a financial system platform that allows developers and businesses to build apps, embed investing, and trade algorithms.

H1B Sponsorship

Alpaca has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart not shown)
Trends of Total Sponsorships: 2020 (2)

Funding

Current Stage: Growth Stage
Total Funding: $138.8M
Key Investors: SBI Group, Portage Ventures, Spark Capital
2025-04-23: Series C · $52M
2023-10-12: Convertible Note · $15M
2021-08-30: Series B · $50M

Leadership Team

Yoshi Yokokawa, Co-Founder & CEO
Hitoshi Harada, Co-Founder
Company data provided by crunchbase