Information Security Engineer
Greater LA Area
Aspiration is the leading socially conscious retail fintech startup with close to 1 million people signed up, over $80m in capital raised, and customer satisfaction (NPS) scores that far exceed those of big bank competitors. Aspiration has won a number of awards, including Fast Company’s World’s Most Innovative Companies 2018, and set out to be the world’s leading socially responsible financial firm. We offer unique financial products to let people save, spend, and invest their money in ways that align with their personal values. Unlike other financial institutions, we’re committed to building a relationship with our customers based on trust and aligning the customer’s success with our own.
The Information Security Engineer I is responsible for assisting with the implementation and maintenance of the corporate information security program to ensure the confidentiality, integrity, and availability of Aspiration data assets. The program includes: enforce policies, standards, guidelines, and controls to manage and prevent risk to Aspiration. The incumbent is responsible for reviewing and maintaining the configuration of security system and tools, reviewing reports and log output from security systems to ensure normal operations and detection of anomalous behavior; performing application and process security reviews as needed, and defining user access and segregation controls for new processes and applications.
What You'll Do
- Administer and maintain security systems and tools, including software updates, configuration and control reviews.
- In coordination with the Information Technology department, ensure new employees are properly onboarded and exiting employees are promptly offboarded
- Review output from security systems and tools (reports and log data) to ensure normal operations and detection of anomalous behavior
- Work with vendors and third parties to understand their processes, technology and/or applications to appropriate security controls are in place to protect Aspiration and its data
- Conduct security reviews against new processes, technology, and applications
- Safeguard sensitive information by working with business units and vendors/third parties to determine and enforce appropriate access levels
- Identify regulatory and legal requirements that may affect data and application security policy, standards, and procedures. Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud scams, and best practices and tools available for system/network protection. Train users and promote security awareness to ensure system security.
- Exercise appropriate levels of discretion and confidentiality when addressing security-related incidents.
- Assist in internal and external audit requests. Ensures Aspiration data is securely protected from internal and external, intentional and unintentional access, alteration and deletion.
What You'll Bring
- Knowledge, Skills and Abilities
- Knowledge and understanding of a “cloud-first” architecture and a hybrid or on-premise architectures. Pros and cons.
- Knowledge of regulations and policies pertaining to information security.
- Strong analytical skills to analyze and solve problems.
- Good communication skills both written and orally.
- Must be organized and be able to communicate effectively with a wide variety of users indifferent locations.
- Ability to interact with staff, members and others encountered in the course of work.
- Ability to learn and apply new information or skills.
- Ability to observe and interpret people and situations.
- Understanding of the following technologies and concepts:WirelessNetworkingSingle sign-on and SAML
- Education, Training and Experience
- Potential candidates for this position should meet the following requirements:
- Bachelor's degree in computer science, information security, engineering, or related technology field.
- Minimum two years of relevant experience in IT and Information Security.
- Previous fintech, banking, credit union, investment firm, or mortgage industry knowledge a plus, but not required.
- Relevant security or auditing certifications such as: Security+, GSEC, CISA, or CRISC or completion of relevant coursework in information security working toward a certification.
What You'll Get
- Making an impact for a company with a mission of transforming the financial industry and the lives of millions.
- Competitive salary and equity incentives.
- Robust healthcare plans, 401K and unlimited vacation time.
- Dog-friendly office in beautiful Marina del Rey with an in-office gym.
- Diverse & inclusive culture.
Read Full Job Description