Facet is a fully remote FinTech company with a mission to empower people to live more enriched lives by delivering a new standard of financial advice that elevates expectations across consumers and the industry.
We believe that unbiased, personalized financial advice that integrates into every facet of life is essential to living well. People’s financial lives are dynamic and ever-evolving, so we cover everything money touches–from starting a business to buying real estate to your investments and much more. Facet believes financial advice should be delivered with a fresh, human-plus-tech approach, that includes a CFP® professional–the highest certification possible.
The Role:
As a Senior Security Analyst at Facet, you will directly contribute to building a secure company. This role will be responsible for influencing, designing, building, implementing, and maintaining security capabilities. Our goals are focused on securely building a product and operating environment to improve the financial lives of millions and we approach these problems using solutions derived from first-principles thinking.
A successful candidate should have experience working as a Senior Senior Analyst, Penetration Tester / Red Teamer, Vulnerability Researcher, or Risk Consultant. The candidate should have intermediate to advanced understanding of how to design and implement effective security solutions in complex and fast paced environments. This candidate is someone who is interested in challenging the security industry status quo through innovative and customer-focused security solution design and implementation designed to eliminate risks at the lowest common denominators. Finally, the candidate should have familiarity with foundational risk-management topics and be adept or interested in influencing design and implementation efforts.
Day-To-Day Responsibilities:
- Develop, test, and implement new ways to solve security issues
- Embed with product and engineering teams to identify, evaluate, and treat security risks during the product development lifecycle
- Collaborate with member services and investment operation teams to assess and enhance processes, identify risks, and create risk mitigation capabilities
- Develop automations to handle, track, and heal from potential security incidents, report on, and remediate vulnerabilities
- Assist with investigation of potential incidents and subsequent response
- Create security patterns for cloud systems and collaborate with platform engineering team members to implement
- Support the evaluation of new technologies, vendors, or processes that enhance security capabilities and advise on their effectiveness in the context of the business
- Support / guide vulnerability testing, risk analyses and general security assessments
- Contribute technical expertise to corporate security policies, procedures, standards, or guidelines
- Conduct reviews of existing security technologies, generate recommendations, and implement enhancements, where appropriate
- 5-8 years experience as a Senior Security Analyst, Penetration Tester, Senior Red Team Analyst, Risk Analyst, or Vulnerability Researcher
- 5-8 years, designing, building, or operating security controls in cloud environments / distributed systems
- Demonstrated experience working cross functionally to deliver effective security capabilities
- Demonstrated experience with scripting and building automations in complex environments
- Intermediate operating systems support, development or security hardening experience with Windows, MacOS, and Linux
- Demonstrable experience working to secure distributed systems and web applications
- 1-2 years experience with infrastructure as code frameworks
- Experience with industry security frameworks such as SANS Top 20, CIS, NIST, MITRE ATT&CK, OWASP
- Demonstrable interest in particular topics in the security industry
Preferred Qualifications:
- Experience at financial services firms or fintech companies is a plus
- Can demonstrate a breadth of knowledge and experience across the information security domain, such as endpoint security, identity management, cloud security, detection engineering, vulnerability management, incident response, and threat intelligence
- Experience architecting, reviewing, and implementing security controls and automations in GCP
- Experience working with AWS
- Experience implementing controls to meet or exceed PCI, SOC I / II, or SEC Advisor rule guidelines
- Experience implementing data-centric or automic-data security solutions
- $140,000 - $170,000 base salary + bonus determined by the experience, knowledge, skills, and abilities of the applicant - Please note, our salary ranges are based on current market data. Should you feel strongly that we are not in line, we highly recommend you to reach out and let us know. We are always looking to improve on building the best place for employees.
- Equity
- Flexible PTO
- All the benefits: medical, dental, and vision insurance, 401(k) with employer match, short and long term disability coverage (paid by Facet), life insurance options and paid parental leave
- Certification reimbursement program
- Work from anywhere in the US