Security Operations Engineer
Arch · New York, New York, United States · $140K–$160K/yr
Financial Services · 2-10 employees
About the role
The role focuses on owning vulnerability scanning, triage, and remediation tracking while maintaining the SIEM/SOC stack. Additionally, the engineer will improve security logging and audit processes to support SOC 2 and ISO 27001 compliance.
What they look for
Requirements
Candidates need hands-on experience with vulnerability management, detection engineering, and AWS cloud infrastructure security. Proficiency in scripting languages like Python, Bash, or Go and a strong understanding of security frameworks are required.
Benefits
Full description
Our Company
Arch is a Series B financial technology company that automates the management of private investments, improving access, understanding, and the human experience of investing across asset classes.
Private investments such as venture capital, hedge funds, and private equity, make up roughly 25% of the investment universe. Traditionally, investors, advisors, banks, families, and managers track hundreds of investments in complicated spreadsheets, file folders, and busy inboxes. Not only is this tedious and time-consuming, but it is rife with opportunity for manual data entry errors, inconsistent reporting, and lost information. Enter, Arch.
Arch delivers standardized data, documents, and insights in a single platform, avoiding the need to chase information across dozens or hundreds of ‘portals’. Our purpose is to save investors’ time while empowering them to make more informed investment decisions, leading to better financial outcomes.
We are a fast-growing, dynamic team of 200+, serving over 400 clients, including several of America’s largest banks, families, and financial institutions. We’ve over doubled the size of the company every year since inception and we are looking to hire in all departments as we scale.
The Role:
As a Security Operations Engineer, you'll join our small, growing security team in a hands-on, execution-focused role supporting our vulnerability management and detection programs. This is a critical role — you'll be the bridge between security findings and engineering teams, making sure our tools, processes, and compliance posture stay effective as Arch scales. You'll work across the organization on a variety of security projects, from vendor due diligence to infrastructure security checks.
Your responsibilities will include:
- Own vulnerability scanning, triage, and remediation tracking, coordinating with engineering teams to make sure patches get deployed.
- Maintain our SIEM/SOC stack and build and refine detections for DLP, IoC, and cloud vulnerabilities.
- Maintain and improve security logging and audit processes to support SOC 2 and ISO 27001 requirements.
- Support the team on infrastructure security checks and assist with security investigations.
- Engage in cross-functional projects as a core member of a small, nimble team — including managing vendor security due diligence, refining IT asset management, and owning various security tasks based on team priorities.
Reach out to us if you have:
- Experience working in a small, fast-paced security team.
- Hands-on experience with vulnerability management (CVSS, patch lifecycles) and detection engineering (SIEM, log analysis, alerting).
- An understanding of security fundamentals (OWASP, NIST, CIS Benchmarks, SOC 2).
- Experience with cloud infrastructure security, specifically AWS (IAM, VPC, Secrets Manager).
- Proficiency in scripting and automation (Python, Bash, or Go) and basic familiarity with reading code to assist with security investigations or automation tasks.
- A collaborative mindset and willingness to tackle a variety of security tasks across the team.
Bonus points if you have:
- Familiarity with Infrastructure as Code security (e.g., Terraform) or CI/CD pipeline security and automated scanning tools (e.g., Snyk).
- Prior experience with threat modeling or security design reviews.
- Relevant industry certifications (e.g., Security+, CISSP, AWS Certified Security).
A Note about us:
Most of our full-time roles are based onsite at our New York City office, where our team thrives on in-person collaboration and dynamic teamwork. Being onsite daily enables us to build strong connections, move quickly, and deliver exceptional service to our clients.
For select roles, we are also open to candidates based in Boston. If a role is open to Boston, it will be listed explicitly in the job location.
We encourage applicants who are located in or open to relocating to the listed location to apply and join us in this hands-on, collaborative environment
Some perks of working for Arch include:
- Strong Team - You’ll be backed by a strong team that consistently exceeds client expectations and ships new products quickly.
- Your work is high impact - Being part of a small team means you have real responsibility and impact from day one. You'll be involved in discussions that drive the growth and direction of our platform from the very beginning.
- Product Market Fit - We have strong product market fit, exceptionally low churn, and have grown mostly organically through word of mouth.
- Team community and camaraderie - We have enormous trust in each other and always do what we can do to support one another. We're always ready to step in to help.
- Great office: Our new home at 199 Water Street gives us a beautiful, energizing space to come together as a team, collaborate more easily, and keep building the next chapter of Arch.
- Lunch is on Us - We’ll keep the team fueled with lunch in the office, whether you’re catching up with teammates, talking through an idea, or just taking a well-earned break.