Information Security Engineer
almost 2 years ago
Full time role
United States
United States
Job Description
Aspiration is in the business of fighting the climate crisis. We help people and businesses build sustainable impact into what they do every day by making it easy, automated, and powerful -- whether it is in the ways people spend and save their money or the ways businesses engage their customers and employees. The estimated cumulative climate impact of the Aspiration community thus far is the equivalent of taking every car in the state of Wyoming off the road for a year. Aspiration is a certified B Corporation and, in fact, has been named to the “Best for the World” list of the top five percent of highest scored certified B Corporations four years in a row. Aspiration has raised over $550M in funding to date and is growing quickly.
The Information Security Engineer is responsible for assisting with the implementation and maintenance of the corporate information security program to ensure the confidentiality, integrity, and availability of Aspiration data assets. The program includes the following: enforce policies, standards, guidelines, and controls to manage and prevent risk to Aspiration. The incumbent is responsible for reviewing and maintaining the configuration of security systems and tools, reviewing reports and log output from security systems to ensure normal operations and detection of anomalous behavior; performing application and process security reviews as needed, and defining user access and segregation controls for new processes and applications.
What You'll Do:Administer and maintain security systems and tools, including software updates, configuration, and control reviews.Review output from security systems and tools (reports and log data) to ensure normal operations and detection of anomalous behaviorWork with vendors and third parties to understand their processes, technology and/or applications to appropriate security controls are in place to protect Aspiration and its dataConduct security reviews against new processes, technology, and applicationsSafeguard sensitive information by working with business units and vendors/third parties to determine and enforce appropriate access levelsIdentify regulatory and legal requirements that may affect data and application security policy, standards, and procedures. Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud scams, and best practices and tools available for system/network protection. Train users and promote security awareness to ensure system security.Exercise appropriate levels of discretion and confidentiality when addressing security-related incidents.Assist in internal and external audit requests. Ensures Aspiration data is securely protected from internal and external, intentional, and unintentional access, alteration, and deletion.Optimize and streamline the current information security toolsets and processesDocument and update information security policies, procedures, and processes
What You'll Bring:Bachelor's degree in computer science, information security, philosophy/logic, engineering, or related technology field.Minimum 5 years of relevant experience in Information Security.Previous fintech, banking, credit union, investment firm, or mortgage industry knowledge is a plus, but not required.Knowledge and understanding of a “cloud-first” architecture Knowledge of regulations and policies pertaining to information security.Strong analytical skills to analyze and solve problems.Good communication skills both written and orally.Must be organized and be able to communicate effectively with a wide variety of users in different time zones.Ability to interact with staff, members and others encountered in the course of work.Ability to learn and apply new information or skills.Ability to observe and interpret people and situations.Knowledge and experience with the following modern security tools: SIEM, SSO, IDM, IAM, MDM, DLP, CASB, NGAV, Vulnerability Scanning, Application Security, etc.Datadog experience also a plus (Cloud SIEM & Application Posture Management)Knowledge of programming languages (e.g., Python and Go). Proficiency is a plusExperience designing and developing security solutionsExperience working with REST APIs and Web calls for data.Knowledge of Cloud Network Topologies and Securing Cloud InfrastructureExperience with Security Monitoring to fine tune security tools, create plans of actions/playbooksSecurity certifications a plus (AWS Security, GCP Security, CCSP, CISSP, CISM)Security DevOps experience also a plus
What You'll GetWork for a mission-driven company to transform the lives of millions by building a better, values-oriented financial firm.Opportunity to be part of and to contribute to ESG, as a steward of social and environmental change.Participation opportunities in Diversity, Equity and Inclusion employee activities and eventsRobust benefit offerings, including medical, dental, vision and 401k.Parental Leave expansion (12 weeks of paid leave over the course of a year)Pet Insurance and other voluntary benefit plan offeringsUnlimited vacation time and 80 hours of sick time annually12 Paid HolidaysWork from home setup and equipment reimbursementSemi - annual performance reviewsEmployee Referral Bonus Program
Aspiration is proud to be an ESG company. We are an equal opportunity workplace. Diversity at Aspiration is not just compliance-driven. Diversity is our compass to drive equitable practices; to celebrate individuality; and to foster the uniqueness within each of us that makes our products, services, and culture better than most. Yes, we are proud to be a DEI company and we encourage everyone, inside and outside of Aspiration, to show up as you are and as you want to be, every day.
This organization participates in E-Verify. Find more information here!
#BI-Remote #LI-Remote
The Information Security Engineer is responsible for assisting with the implementation and maintenance of the corporate information security program to ensure the confidentiality, integrity, and availability of Aspiration data assets. The program includes the following: enforce policies, standards, guidelines, and controls to manage and prevent risk to Aspiration. The incumbent is responsible for reviewing and maintaining the configuration of security systems and tools, reviewing reports and log output from security systems to ensure normal operations and detection of anomalous behavior; performing application and process security reviews as needed, and defining user access and segregation controls for new processes and applications.
What You'll Do:Administer and maintain security systems and tools, including software updates, configuration, and control reviews.Review output from security systems and tools (reports and log data) to ensure normal operations and detection of anomalous behaviorWork with vendors and third parties to understand their processes, technology and/or applications to appropriate security controls are in place to protect Aspiration and its dataConduct security reviews against new processes, technology, and applicationsSafeguard sensitive information by working with business units and vendors/third parties to determine and enforce appropriate access levelsIdentify regulatory and legal requirements that may affect data and application security policy, standards, and procedures. Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud scams, and best practices and tools available for system/network protection. Train users and promote security awareness to ensure system security.Exercise appropriate levels of discretion and confidentiality when addressing security-related incidents.Assist in internal and external audit requests. Ensures Aspiration data is securely protected from internal and external, intentional, and unintentional access, alteration, and deletion.Optimize and streamline the current information security toolsets and processesDocument and update information security policies, procedures, and processes
What You'll Bring:Bachelor's degree in computer science, information security, philosophy/logic, engineering, or related technology field.Minimum 5 years of relevant experience in Information Security.Previous fintech, banking, credit union, investment firm, or mortgage industry knowledge is a plus, but not required.Knowledge and understanding of a “cloud-first” architecture Knowledge of regulations and policies pertaining to information security.Strong analytical skills to analyze and solve problems.Good communication skills both written and orally.Must be organized and be able to communicate effectively with a wide variety of users in different time zones.Ability to interact with staff, members and others encountered in the course of work.Ability to learn and apply new information or skills.Ability to observe and interpret people and situations.Knowledge and experience with the following modern security tools: SIEM, SSO, IDM, IAM, MDM, DLP, CASB, NGAV, Vulnerability Scanning, Application Security, etc.Datadog experience also a plus (Cloud SIEM & Application Posture Management)Knowledge of programming languages (e.g., Python and Go). Proficiency is a plusExperience designing and developing security solutionsExperience working with REST APIs and Web calls for data.Knowledge of Cloud Network Topologies and Securing Cloud InfrastructureExperience with Security Monitoring to fine tune security tools, create plans of actions/playbooksSecurity certifications a plus (AWS Security, GCP Security, CCSP, CISSP, CISM)Security DevOps experience also a plus
What You'll GetWork for a mission-driven company to transform the lives of millions by building a better, values-oriented financial firm.Opportunity to be part of and to contribute to ESG, as a steward of social and environmental change.Participation opportunities in Diversity, Equity and Inclusion employee activities and eventsRobust benefit offerings, including medical, dental, vision and 401k.Parental Leave expansion (12 weeks of paid leave over the course of a year)Pet Insurance and other voluntary benefit plan offeringsUnlimited vacation time and 80 hours of sick time annually12 Paid HolidaysWork from home setup and equipment reimbursementSemi - annual performance reviewsEmployee Referral Bonus Program
Aspiration is proud to be an ESG company. We are an equal opportunity workplace. Diversity at Aspiration is not just compliance-driven. Diversity is our compass to drive equitable practices; to celebrate individuality; and to foster the uniqueness within each of us that makes our products, services, and culture better than most. Yes, we are proud to be a DEI company and we encourage everyone, inside and outside of Aspiration, to show up as you are and as you want to be, every day.
This organization participates in E-Verify. Find more information here!
#BI-Remote #LI-Remote
Similar jobs
Mobilizing talent for a climate positive world