About us: Personal Capital transforms how you understand, manage and grow your net worth. It starts with providing real-time information about your finances via state-of-the-art technology, and personalized, expert guidance to ensure you’re always moving towards your financial goals.
Our award-winning online tools put all of your accounts, all in one place - including those not under our management. You’ll get real-time data that uncovers trends and accurately reflects your cash flow. And as fiduciaries, our advisors are legally bound to act in your best interest and will never put their personal financial gain above yours. This combination of transparency and independence creates an unprecedented level of insight, allowing your Personal Capital advisor to make recommendations tailored to you.
With over $4.5 billion in assets under management, and a million users of our free tools, Personal Capital is the smart way to manage your financial life. Our costs are significantly less than traditional financial advisors, with no hidden fees; we’ll never try to sell you something you don’t need.
Personal Capital. The modern way to track and manage your net worth.
The Opportunity: You will report to our CISO and work in tandem with our Engineering, DevOps and business line teams to build cutting edge security capabilities for our current and next technological platforms. As an horizontal capability, your work in the security team will lead you to engage with almost every part of the business and because our clients rely on us to securely manage their assets, your contribution as an information security professional is key to keeping our success.
The Candidate: We are looking for a passionate, curious and self-driven Security Engineer to help improve our overall security capabilities and work with teams across the enterprise to solve complex problems in innovative ways. We optimize for agility and speed so we are looking for a professional with a well rounded profile, strong foundations and a desire to learn new things.
The Work: You will work closely with our CISO to execute on the current portfolio of projects which can span across the entire spectrum of Information Security domains. As Personal Capital grows and refines its technology, the security team’s work is never done! The Security Engineer will have the following core responsibilities:
- Design, implement and monitor the company’s security controls across all business areas
- Assess and manage vulnerabilities and technological risks across all the environments
- Configure, administer, and operate security tools and capabilities
- Design, implement and care for our security tool stack including web security, Splunk logs and monitoring, access controls across our distributed cloud ecosystem and others
- Advise and support developers and DevOps engineers in securely implementing new innovations
- Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
- Oversee every security incident that the company may face in alignment with our response processes
- Assess risk arising from third-parties, vendors and partners in our ecosystem and design bespoke controls to mitigate such risks
Required Skills and Experience:
- Bachelor’s degree or higher in Computer Science or related field
- Four years or more of information security experience, either in an internal security engineering, operations or consulting role
- Self-starter with solid collaboration mindset and communication skills
- Good practitioner’s understanding of secure application development best practices, such as OWASP
- Working knowledge of at least one security reference framework such as NIST or ISO
- Ability to code at least one scripting type language such as Python
- Experience working with and managing linux systems, ideally EC2 instances
- Working knowledge of networking security technologies (TCP/IP, HTTP, WiFi, Firewalls, IDS, etc.)
- Experience managing SaaS applications security such as Salesforce and managing AWS security
- Experience with identity and access management concepts such as SAML federation, OAUTH and MFA
- Experience with database technologies like MySQL and data schemas
- Good understanding of RESTful designs and cloud APIs
- Ability to manage one’s time, focus and priorities in a fast paced environment
- Unimpeachable integrity, character, courage and honesty
Desirable Skills and Experience
- Ability to code to automate security functions and processes
- Demonstrated interest and passion for information security through participation in industry events or competitions such as the National Cyber Defence Collegiate Competition
- Experience with red team exercises / penetration testing for both network and application stack
- Experience with Splunk or similar SIEM technology
- Ability to understand and/or code in Java
- Working knowledge of encryption and key management practices
- Experience in FinTech or Financial Services industry
- Information security certifications - CISSP preferred
- Amazon Web Services certification
Location: San Carlos, California.