Security Operations Engineer

Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. Our recent Series D funding round brought our total investment to over $320 million, fueling our ambitious vision.

Who We Are

Alpaca is a licensed financial services company, serving hundreds of financial institutions across 40 countries with our institutional-grade APIs. This includes broker-dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges, totalling over 9 million brokerage accounts. Our global team is a diverse group of experienced engineers, traders, and brokerage professionals who are working to achieve our mission of opening financial services to everyone on the planet. We’re deeply committed to open-source contributions and fostering a vibrant community, continuously enhancing our award-winning, developer-friendly API and the robust infrastructure behind it.

Our Team Members

We’re a dynamic team of 230+ globally distributed members who thrive working from our favourite places around the world, with teammates spanning the USA, Canada, Japan, Hungary, Nigeria, Brazil, the UK, and beyond! We’re searching for passionate individuals eager to contribute to Alpaca’s rapid growth. If you align with our core values—Stay Curious, Have Empathy, and Be Accountable—and are ready to make a significant impact, we encourage you to apply.

Your Role

We are seeking a Security Operations Engineer to mature Alpaca’s day-to-day security operations. This role will be responsible for managing our third-party SOC relationship, operating and tuning our on-prem SIEM, and acting as a critical bridge between IT Helpdesk and the Security team to ensure security issues are identified, triaged, and resolved quickly and consistently. You will be both hands-on and operationally minded: improving detection quality, streamlining alert triage, coordinating incident response, and ensuring security operations scale with the business. You’ll play a key role in turning security signals into action and ensuring operational issues don’t become security incidents. This role reports to the Enterprise Security Architect and works closely with IT, DevOps, Engineering, and our external SOC partner. The Security Team is 100% distributed and remote.

Things You Get To Do

• Security Operations and Detection Engineering

• Security Operation Center: Own the relationship with our managed SOC, including alert quality, escalation workflows, SLAs, runbooks, and continuous improvement of detection coverage and response effectiveness. Assist with triage, investigations, and respond to security alerts across endpoints, identity, cloud, network, and application logs.
• SIEM Management: Operate and maintain our SIEM, including log onboarding, parsing, normalization, correlation rules, alert tuning, and lifecycle management to reduce noise and increase signal.
• Log Coverage & Telemetry: Ensure critical systems generate the right security telemetry, filling gaps across endpoints, identity providers, network devices, SaaS tools, and cloud platforms.
• Detection Improvements: Continuously refine detection logic based on threat intelligence, SOC feedback, incident learnings, and emerging attack techniques.

• Incident Handling: Assist with security incidents, working with IT, Engineering, and external partners to contain, eradicate, and recover from incidents.
• Runbooks & Playbooks: Develop, maintain, and continuously improve incident response playbooks, escalation paths, and communication procedures.
• Operational Metrics: Track and report on key security operations metrics such as alert volumes, false positive rates, mean time to detect (MTTD), mean time to respond (MTTR), and SOC performance.

• Bridge IT and Security: Act as the security liaison to the IT Helpdesk, ensuring security-related tickets are properly triaged, prioritized, and resolved without slowing down business operations.
• Security Enablement: Provide guidance and context to IT teams on security alerts, risks, and required actions, helping raise the overall security maturity of frontline support teams.

Who You Are (Must-Haves)

• Excited about Alpaca’s mission and what we’re building
• 3+ years of experience in Security Operations roles
• Hands-on experience operating and tuning a SIEM (on-prem or cloud-based)
• Hands-on experience maintaining Kubernetes clusters
• Working with Linux Scripting or automation experience (Python, Bash) for security operations tasks
• Experience working with a third-party SOC or MSSP
• Strong incident response and alert investigation skills across identity, endpoint, network, and cloud environments
• Understanding of common attacker techniques and detection methodologies
• Experience working closely with IT/helpdesk teams and translating security requirements into operational workflows
• Familiarity with endpoint security, identity monitoring, and log-based detections
• Strong written and verbal communication skills, especially during incidents
• Comfortable working cross-functionally and handling escalations calmly and decisively

Who You Might Be (Nice-to-Haves)

• Experience securing financial, trading, or other highly regulated platforms
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, or PCI
• Experience with detection engineering frameworks (MITRE ATT&CK)
• Knowledge of cloud security logging (AWS/GCP/Azure) and SaaS security telemetry
• Experience working with GitOps and CI/CD pipelines
• Experience running tabletop exercises or incident response simulations
• Security certifications (GCIA, GCIH, GCED, CISSP, or similar)
• Ability to balance security rigor with operational efficiency and business needs

How We Take Care of You

• Competitive Salary & Stock Options
• Health Benefits
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card

Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.