Member of the Technical Staff, Security Operations

Technical Skills:

• Build and maintain security automation and tooling to detect vulnerabilities through static and dynamic analysis across code and live systems.
• Conduct application security assessments, penetration tests, and code reviews to identify high-risk security issues and provide secure development guidance.
• Develop and operate vulnerability management workflows, partnering with engineering teams to prioritize and remediate findings.
• Establish and test security guardrails for code, cloud resources, and infrastructure components throughout the Anchorage platform.

Complexity and Impact of Work:

• Monitor and respond to security events and configuration anomalies across the organization, leading investigation and containment efforts.
• Manage the full vulnerability lifecycle from discovery through remediation, tracking progress and ensuring timely closure of findings.
• Lead or substantially contribute to Security Operations initiatives with minimal oversight, coordinating across team boundaries to drive projects to completion.
• Break complex security problems into manageable workstreams with accurate scope and time estimates. Present options clearly and provide well-reasoned priority recommendations.
• Deliver assurance artifacts and evidence for regulated entity requirements, supporting audit and compliance efforts.
• Balance speed of response with thoroughness of investigation, adapting approach based on risk and business impact.

Organizational Knowledge:

• Understand and help implement the company's security strategy by participating in planning and defining Security Operations goals in alignment with Anchorage Digital's overall objectives.
• Stay alert to emerging threats, vulnerabilities, and industry trends that could affect organizational security posture.
• Consider security holistically across the product ecosystem—applications, infrastructure, and third-party integrations—while fostering a security-first culture.
• Collaborate cross-functionally with Engineering, Infrastructure, and Compliance teams to embed security into development and operational processes.

Communication and Influence

• Share knowledge broadly across the team through documentation, runbooks, and post-incident reviews, preventing single points of failure.
• Partner with engineering teams to explain security risks and remediation approaches, translating technical findings into actionable guidance.
• Collaborate across teams to review security configurations, triage findings, and engage in technical discussions. Communicate insights and recommendations clearly to improve processes.
• Demonstrate empathy by understanding others' context, priorities, and constraints—adapting communication style to maximize effectiveness with both technical and non-technical audiences.

You may be a fit for this role if you have:

• Security Operations or AppSec experience: You have 3+ years of hands-on experience in security engineering, application security, penetration testing, or security operations.
• Security tooling and automation: You have built or maintained security tools, integrations, or automation workflows using Python, Go, or similar languages.
• Vulnerability assessment: You can identify and assess security vulnerabilities in applications, APIs, and cloud infrastructure, and effectively communicate remediation strategies.
• Static and dynamic analysis: You have experience with tools like Semgrep, CodeQL, Burp Suite, or equivalent for identifying security issues in code and running systems.
• Cloud security: You understand AWS security fundamentals including IAM, VPCs, security groups, and CloudTrail/logging.
• Incident response: You can investigate security events, perform root cause analysis, and coordinate response efforts.
• You have developed "computer science fundamentals," i.e. concurrency, algorithms, and data structures.
• You genuinely care about code quality and operational excellence.
• You prioritize security outcomes, end-user experience, and business value over "cool tech."
• You self-describe as some combination of the following: creative, humble, ambitious, detail-oriented, hardworking, trustworthy, eager to learn, methodical, action-oriented, and tenacious.

Although not a requirement, bonus points if:

• You have experience running or participating in bug bounty programs (HackerOne, Bugcrowd, etc.).
• You have worked in a regulated financial services, fintech, or crypto environment.
• You have exposure to blockchain security, smart contract auditing, or Web3 technologies.
• You have built or contributed to open-source security tools.
• You hold relevant certifications (OSCP, GWAPT, GCIH, AWS Security Specialty, etc.).
• You read blockchain protocol white papers for fun, and stay up to date with the proliferation of crypto-asset innovations.
• You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system. :)