Cyber Threat Engineer at M1 (Chicago, IL)
Who we are
M1 Finance has created a personal wealth-building platform made for the modern era, uniting personal perspective and automated ease. We seamlessly combine free investing, low cost borrowing and digital checking all in one intuitive, automated Finance Super App, and we’re driven by a mission to empower personal financial well-being. We believe that financial well-being is fundamental to overall well-being, and we strive to deliver products that are simpler, smarter, and stronger than those created by our staid, boring, entrenched, slow-moving competitors in the personal finance industry.
Our clients have already trusted us with over $5 billion of assets, we’re currently helping hundreds of thousands of people grow and manage their wealth with our industry-leading automation and tools, and we’re adding thousands of new clients every day.
We’re looking for passionate people who want to improve and build on what we’ve created and take responsibility to help others build something meaningful and sustainable for their futures.
We mean it when we say, “M1 is yours to build.”
If this sounds interesting to you, we’d love to have you read on.
What You'll Do
- Focus on our security profile from the data level.
- Perform threat modeling with team to help advise on security priorities.
- Advise and implement security practices based on where our data is, what our data is and who has/needs access to that data.
- Review, model and help implement IAM/RBAC/SOD in cloud environment
- Work with Data team to advise on security best practices for third-party data security—helping build a zero-trust environment
- Research incidents to rectify security weaknesses
- Working with InfoSec Program management ensure security compliance objectives are met.
- Guide security Risk management
- You love data and you love security
- Experience developing, deploying and auditing risk management program
- Experience with threat modeling methods and experience implementing (e.g. Trike, VAST, PASTA, OCTVA, STRIDE, etc.).
- Familiarity with modern data security best practices.
- Familiarity with cloud security controls and best practices.
- Experience with third-party risk management
- Able to work across teams to tackle complex issues
- Proven track record of positively contributing to a collaborative team in a remote environment
- Entrepreneurial spirit, self-motivated, growth-minded
Our team embodies our eight core principles and if these principles speak to you – we’d love to talk with you.
- Mission Driven: We will passionately apply ourselves to deliver immense value to our customers, knowing if they succeed, so too will the company.
- Extreme Ownership: We think and act like owners. Our focus is on building long-term value, not scoring short-term marks. We own everything in our domain, including the outcome and everything that affects it.
- Boldness: We want to do things of consequence. Make a difference. We would rather fail at something meaningful than succeed at something trivial.
- Bias for action: The best way to make progress is to act.
- Economical: Efficiency is important, and we consider both the costs and benefits of our actions.
- Team-oriented: In working together, we maintain a low ego, make everyone feel welcome, assume good intent, trust one another, and seek out different perspectives. We empower our teammates to be at their best.
- Challenged, but not overwhelmed: We are curious people who always want to grow. Growth happens outside our comfort zone. We achieve our potential through consistent, manageable growth.
- Integrity: We do the right thing. When we make mistakes, we own and correct them. We would be proud of our actions are shared with our family, friends, and strangers. Everyone can count on us to act according to our values, beliefs, and principles we state we hold. This trust must never be broken.
- Unlimited PTO
- Comprehensive health, dental, vision, disability, and life insurance
- Stock options for all employees
- Retirement benefit with employer match
- $500 to spend on home office equipment while working from home
- Stylish M1 swag
- Socially distant team outings, celebrations, and events
- Transparent and open communication
- Office in the Loop with a Game Room and Gym