Key skills
Cloud Security AWSCloud Security GCPApplication Security (AppSec)Security Configuration ManagementEndpoint DetectionResponse (EDR)Scripting PythonScripting GoScripting ShellVulnerability ManagementSIEM/SOAR PlatformsCommunication SkillsPythonGoShellAWSGCPTerraformCloudFormationLambdaIAMSDLCCommunicationPenetration TestingCloud SecurityZero Trust
About this role
Acorns is a financial wellness app dedicated to helping individuals and families save and invest money. They are seeking a Cybersecurity Engineer I to join their Global Infosec team, focusing on securing platforms, applications, and infrastructure to protect the financial well-being of their customers.
Responsibilities:
- Design, deploy, and manage security tools and infrastructure to detect and prevent threats across cloud (AWS and GCP), corporate, and product environments
- Work collaboratively with engineering and product teams to integrate security into the SDLC (Secure Software Development Life Cycle) via threat modeling, code reviews, and automated testing
- Conduct security assessments, penetration testing, and vulnerability management to identify and remediate risks in our applications and services
- Serve as an escalation point for security incidents, assisting with investigation, response, and post-incident analysis to continuously improve our security posture
- Automate security tasks and implement 'security-as-code' practices to scale our security efforts efficiently
- Secure endpoints and manage Endpoint Detection and Response (EDR), Data Loss Prevention, MDM (Mobile Device Management), Zero Trust, Patching, and Configuration Management for corporate and production assets
- Stay current with the latest cybersecurity threats, trends, and technologies, recommending proactive measures to enhance defense mechanisms
Requirements:
- 3+ years of professional experience in a dedicated cybersecurity role, focusing on application, infrastructure, or cloud security
- Demonstrated experience with Application Security (AppSec) principles, including secure coding practices, static/dynamic analysis (SAST/DAST) tools, and conducting security design reviews (threat modeling)
- Proven expertise with securing cloud environments, preferably AWS, including knowledge of services like IAM, Security Hub, GuardDuty, and Lambda
- Strong hands-on experience in Security Configuration Management, ensuring infrastructure as code (IaC) templates (e.g., Terraform, CloudFormation) and production systems adhere to security baselines
- Experience implementing and managing Endpoint Detection and Response (EDR) or other endpoint security solutions for corporate and production assets
- Strong hands-on experience with vulnerability scanners and SIEM/SOAR platforms
- Proficiency in at least one scripting language (e.g., Python, Go, or Shell) for automation and tool development
- Excellent communication skills with the ability to articulate complex security risks and solutions to technical and non-technical stakeholders