Lead Security Engineer

We are seeking a highly motivated and experienced Lead Security Engineer to head up the security of our applications, infrastructure, and data in our dynamic cloud-native environment. You will be a key leader in shaping our security posture, driving a security-first culture within our development teams, and mentoring junior security engineers. This is a high-impact role with the opportunity to grow and manage a security team in the future.

Responsibilities:

• Leadership: Provide technical leadership and guidance to other security engineers and developers on secure coding practices, security design patterns, and vulnerability remediation.
• Secure Development Lifecycle: Champion secure coding practices and integrate security into all phases of the software development lifecycle.
• Vulnerability Management: Proactively identify and assess vulnerabilities in application design, code, and infrastructure. Lead efforts in remediation and mitigation strategies.
• Cloud Security: Design, implement, and manage security controls within our AWS cloud environment, leveraging your knowledge of Kubernetes and container security best practices.
• DevSecOps: Collaborate with engineering teams to design and implement secure development pipelines using tools like Argo CD, ensuring security is embedded throughout the CI/CD process.
• Security Tooling: Evaluate, implement, and manage security tooling for web application and API security, including static/dynamic analysis tools, WAFs, and vulnerability scanners.
• Incident Response: Lead incident response efforts, including investigation, containment, eradication, and recovery. Develop and maintain incident response playbooks.
• Bug Bounty Program: Manage and optimize our bug bounty program, collaborating with security researchers and internal teams to triage and address reported vulnerabilities.
• Threat Modeling: Conduct threat modeling exercises to identify potential security threats and design appropriate mitigation strategies.
• Security Awareness: Contribute to raising security awareness across engineering through training and knowledge sharing.
• Mentorship: Guide and mentor junior security engineers, fostering their growth and development.

Qualifications:

• 5+ years of experience in a security engineering role, with a strong focus on application and cloud-native security.
• Proven experience securing containerized environments (Kubernetes, Docker) and microservices architectures.
• Strong understanding of cloud security principles and best practices, preferably in AWS.
• Proficiency in at least one programming language, with Java expertise being highly desired.
• Experience with infrastructure-as-code tools (e.g., Terraform) and CI/CD pipelines (e.g., Argo CD).
• Hands-on experience with security tooling such as SAST/DAST scanners, WAFs, and vulnerability management platforms.
• Knowledge of security standards and frameworks (e.g., OWASP, NIST).
• Excellent communication and collaboration skills with the ability to work effectively with both technical and non-technical teams.
• Experience with incident response and handling security incidents.
• Experience managing bug bounty programs is a plus.
• Demonstrated leadership qualities and the ability to mentor others.

Bonus Points:

• Relevant security certifications (e.g., CISSP, CCSP, OSCP).
• Contributions to open-source security projects.
• Experience working in a regulated environment (e.g., finance, gaming, insurance).

On the Yieldstreet’s Security Team, we are the defenders against bad actors, insecure software configurations, and insider privilege misuse. We use threat modeling to assess the security impacts of change on our systems and our products.

In most organizations, Security is seen as a gatekeeper. At Yieldstreet, we are enablers of secure innovation; creating training programs to develop products with security awareness and defensive coding practices in mind, providing architectural guidance to ensure the privacy and security of our investor data, and developing security guard rails in our multi-account cloud footprint to enable product engineers to try new things without leaking sensitive data.

You are pragmatic and you understand that your decisions can impact stakeholder productivity and applications all the way up the stack. This also means you are willing to dump processes and procedures that are not productive and learn from those failures to create ones that do. 

How To Apply:

When sending your application, tell us about yourself, your crown achievements, your failures and your learnings and how you think they can fit here at YieldStreet. Use some of the examples of what you might do in the description of the role and walk us through some of the sample solutions.

About Yieldstreet

Yieldstreet is the leading private market investment platform. We believe that private market alternatives should be a fundamental part of your portfolio. That’s why we’re unlocking access to make it easier than ever to get started. We partner with top-tier investment managers to provide investors with a wide range of opportunities across real estate, venture capital, private equity, art, short term notes and more. All of our offerings are curated and vetted by our team to help investors diversify away from the stock market with confidence. 

Why Yieldstreet?

Join a team of diverse, smart, and friendly people from 8 different countries who speak a total of 17 different languages who are on a mission to make alternative investments a fundamental part of the modern portfolio. Our team is comprised of successful entrepreneurs with combined exits of over $1B. We get social with each other during happy hours, exercise classes and team off sites! We are a hybrid work company giving you the opportunity to connect with your peers in real time with the flexibility to work remotely a few days per week.