# Member of Technical Staff, Security Operations

**Company:** [Anchorage](https://hotfix.jobs/companies/anchorage-digital)
**Location:** Remote
**Role:** Security Engineering
**Skills:** Python, Go, Semgrep, Codeql, Burp Suite, AWS, IAM, Vpcs, Cloudtrail, Vulnerability Management
**Posted:** 2024-12-04

> Develops security automation, conducts vulnerability assessments, penetration tests, and manages security operations including incident response and cloud guardrails for a crypto platform. Requires 3+ years in security engineering with strong coding and AWS skills.

## Job Description

## Responsibilities
- Build and maintain security automation and tooling to detect vulnerabilities through static and dynamic analysis across code and live systems.
- Conduct application security assessments, penetration tests, and code reviews to identify high-risk security issues and provide secure development guidance.
- Develop and operate vulnerability management workflows, partnering with engineering teams to prioritize and remediate findings.
- Establish and test security guardrails for code, cloud resources, and infrastructure components.
- Monitor and respond to security events and configuration anomalies, leading investigation and containment efforts.
- Manage the full vulnerability lifecycle from discovery through remediation.
- Lead Security Operations initiatives with minimal oversight.
- Deliver assurance artifacts for regulated entity requirements.

## Requirements
- 3+ years of hands-on experience in security engineering, application security, penetration testing, or security operations.
- Experience building or maintaining security tools, integrations, or automation workflows using **Python**, **Go**, or similar.
- Proficiency in vulnerability assessment in applications, APIs, and cloud infrastructure.
- Experience with static and dynamic analysis tools like **Semgrep**, **CodeQL**, **Burp Suite**.
- AWS security fundamentals including **IAM**, **VPCs**, **security groups**, **CloudTrail**.
- Incident response skills: investigate events, root cause analysis.
- Computer science fundamentals (concurrency, algorithms, data structures).

## Nice-to-Haves
- Experience with bug bounty programs (**HackerOne**, **Bugcrowd**).
- Regulated financial services, fintech, or crypto environment.
- Blockchain security, smart contract auditing, Web3 technologies.
- Open-source security tools contributions.
- Certifications (**OSCP**, **GWAPT**, **GCIH**, **AWS Security Specialty**).

## Similar roles

- [Senior Staff Security Engineer, Vulnerability Management](https://hotfix.jobs/jobs/48bab836-a257-4a63-898d-d884ea8db229) - Zocdoc - Remote - $200k – $290k/yr
- [Staff Software Engineer](https://hotfix.jobs/jobs/bda1fbe8-25da-4d58-8699-ce547f7bdf6e) - Plaid - New York, NY - $222k – $328k/yr
- [Staff+ Application Security Engineer](https://hotfix.jobs/jobs/176eddbe-ab46-4c6b-b459-b97404661b42) - Anthropic - San Francisco, CA - $320k – $485k/yr
- [Staff Security Risk & Compliance Program Manager](https://hotfix.jobs/jobs/69a879b7-e372-4ca2-a954-f0c78526aa69) - Confluent - Remote - $222k – $261k/yr
- [Senior/Staff Infrastructure Security Engineer](https://hotfix.jobs/jobs/b10a4e47-d210-46ca-8e32-a9d8992f41f8) - Abridge - Remote - $214k – $252k/yr

**Apply:** https://hotfix.jobs/jobs/229124aa-0c5d-4903-8be3-cb487420f73c
**Canonical:** https://hotfix.jobs/jobs/229124aa-0c5d-4903-8be3-cb487420f73c