Alpaca
Head of Compliance
$90,000 – $99,0003 days ago
Secure SDLC Integration: Embed security into CI/CD pipelines by implementing and owning secure controls, including Infrastructure as Code (IaC) scanning, Software Composition Analysis (SCA), secrets checks, policy-as-code, and deployment guardrails. Vulnerability Management: Lead the process of vulnerability and patch management, automating discovery, prioritization, and remediation across all cloud workloads and their dependencies. Platform Hardening: Strengthen cloud and Kubernetes environments through secure configurations, network segmentation, workload identity management, and automated compliance against industry standards (e.g., CSA Star). Supply Chain Security: Advance the security of the software supply chain, focusing on generating Software Bill of Materials (SBOMs), artifact signing, dependency governance, and implementing integrity controls. Secure Patterns: Create secure "paved roads" for developers, providing hardened IaC modules, templates, tooling, and comprehensive documentation.
Cyber Resilience: Own and validate cyber-resiliency standards (secure failover, secure backups, Disaster Recovery playbooks) through secure rehearsals to ensure both the availability and integrity of systems and data Security Deployment: Develop secure deployment patterns, such as canary rollouts, automated safe rollbacks, and guardrails to minimize blast radius Detection & Forensics: Improve detection and response capabilities by building high-signal alerts, enhancing forensic logging, and providing robust security telemetry. Partner with the SecOps team on incident handling Offensive Security: Alongside the Security team, help manage offensive security engagements (penetration testing, red team, bug bounty) and ensure findings are fed directly into remediation pipelines and risk prioritization
Design & Threat Modeling: Conduct security reviews and threat modeling for all new services and major architecture changes to ensure designs are secure-by-default Identity & Access Management (IAM): Strengthen the identity and access model by enforcing the principle of least privilege, strong authentication, and secure secrets lifecycle management Compliance & Audit: Support compliance and audit readiness by operationalizing security controls, producing necessary evidence, and maintaining the health of these controls
Security Champion: Champion a strong security culture by partnering with DevOps and Engineering teams to uplift secure coding practices and guide risk-based decision-making Metrics & Reporting: Define key security performance indicators (KPIs) such as time to detect, time to remediate, exposure scores, and percentage of infrastructure covered by automated controls, and report measurable improvements to leadership
Excited about Alpaca’s mission and what we’re building 5+ years of experience across DevSecOps, security engineering, or cloud security in a modern cloud-native environment Strong hands-on experience with CSPs, Kubernetes, Terraform, and container security Deep understanding of secure CI/CD, including IaC security, dependency/SCA, secrets scanning, and policy-as-code Solid background in identity & access security Experience automating vulnerability management and patching workflows across cloud and container ecosystems Strong familiarity with detection engineering, logging/telemetry, and partnering in incident response Proficient in a scripting/programming language (Python, Go, or similar) for automation and security tooling Comfortable working cross-functionally with DevOps and Engineering teams, explaining risk in practical terms, and influencing secure design Comfortable participating in on-call rotations
Competitive Salary & Stock Options Health Benefits New Hire Home-Office Setup: One-time USD $500 Monthly Stipend: USD $150 per month via a Brex Card
Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce. Recruitment Privacy Policy