Description
About The Role
SoFi is seeking an experienced Information Security professional to further its Application Security program. The ideal candidate comes with a strong background in offensive security and is able to implement scalable solutions to mitigate security threats.
As a member of the Information Security function, you will be part of a team of highly skilled engineers tuned-in to threat research and technical innovation. You will work closely with engineering teams and other business functions to tackle complex technical problems and build secure products.
At SoFi, you’ll become part of a new kind of finance company based around speed, transparency, and alignment with our members’ interests. Our goal is to be at the center of our members’ financial lives. We created student loan refinancing, addressing the biggest financial challenge of a new generation through a modern approach to lending and personal finance. We expanded into other types of loans, and then into insurance and wealth management with similarly inventive products and soon to be launched SoFi money a modern take on a checking or savings account. As the company has grown, we’ve been able to help more people with these tools. SoFi has achieved significant growth, with ambitious plans ahead, but to continue this growth we need great talent.
Responsibilities
Perform technical security assessments, pentests, code audits and design reviews
Develop solutions to scale security testing and enable engineering teams to identify security flaws pre-production
Act as advisor in the area of secure development and threat mitigation
Create and manage the bug bounty program
Demonstrate leadership through evangelizing security, identification of issues and driving resolution across corporate functions
Minimum qualifications
BS degree in Computer Science or related technical field or equivalent practical experience
2+ years of experience in application security testing
Strong knowledge of web application security design, threats and mitigations
Practical experience in security engineering, authentication standards (OAUTH, JWT, etc.) and applied cryptography
Develop and execute secure application development training exercises
Self-starter with strong interpersonal and communication skills
Preferred qualifications
Software development experience in Java, Javascript and interpreted languages (Perl, Python, etc)
Experience in mobile security design and assessment
Working knowledge of Amazon Web Services (AWS) security
Experience developing security tools
Benefits
Lunch Stipend, a fully stocked kitchen, and subsidized gym membership.
Competitive salary packages and bonuses.
A flexible vacation policy allows you to truly relax and reboot.
Comprehensive health, vision, dental, and life insurance as well as disability benefits.
100% of health, vision, and dental premiums paid by SoFI for employees and their dependents.
401(k) and education on retirement planning.
Tuition reimbursement on approved programs, up to $5,250 a year.
Monthly contribution to help you pay off your student loans.
Sep 20, 2018
Full time
Description
About The Role
SoFi is seeking an experienced Information Security professional to further its Application Security program. The ideal candidate comes with a strong background in offensive security and is able to implement scalable solutions to mitigate security threats.
As a member of the Information Security function, you will be part of a team of highly skilled engineers tuned-in to threat research and technical innovation. You will work closely with engineering teams and other business functions to tackle complex technical problems and build secure products.
At SoFi, you’ll become part of a new kind of finance company based around speed, transparency, and alignment with our members’ interests. Our goal is to be at the center of our members’ financial lives. We created student loan refinancing, addressing the biggest financial challenge of a new generation through a modern approach to lending and personal finance. We expanded into other types of loans, and then into insurance and wealth management with similarly inventive products and soon to be launched SoFi money a modern take on a checking or savings account. As the company has grown, we’ve been able to help more people with these tools. SoFi has achieved significant growth, with ambitious plans ahead, but to continue this growth we need great talent.
Responsibilities
Perform technical security assessments, pentests, code audits and design reviews
Develop solutions to scale security testing and enable engineering teams to identify security flaws pre-production
Act as advisor in the area of secure development and threat mitigation
Create and manage the bug bounty program
Demonstrate leadership through evangelizing security, identification of issues and driving resolution across corporate functions
Minimum qualifications
BS degree in Computer Science or related technical field or equivalent practical experience
2+ years of experience in application security testing
Strong knowledge of web application security design, threats and mitigations
Practical experience in security engineering, authentication standards (OAUTH, JWT, etc.) and applied cryptography
Develop and execute secure application development training exercises
Self-starter with strong interpersonal and communication skills
Preferred qualifications
Software development experience in Java, Javascript and interpreted languages (Perl, Python, etc)
Experience in mobile security design and assessment
Working knowledge of Amazon Web Services (AWS) security
Experience developing security tools
Benefits
Lunch Stipend, a fully stocked kitchen, and subsidized gym membership.
Competitive salary packages and bonuses.
A flexible vacation policy allows you to truly relax and reboot.
Comprehensive health, vision, dental, and life insurance as well as disability benefits.
100% of health, vision, and dental premiums paid by SoFI for employees and their dependents.
401(k) and education on retirement planning.
Tuition reimbursement on approved programs, up to $5,250 a year.
Monthly contribution to help you pay off your student loans.
Robinhood is democratizing access to America’s financial system. Our platform offers commission-free investing in U.S. stocks, ETFs, options, and cryptocurrencies. Robinhood Financial, our broker-dealer, is the fastest-growing brokerage ever, with over four million users and billions of dollars in transaction volume. Robinhood has received the Apple Design Award, the Google Material Design Award, and was named Fast Company’s 11th Most Innovative Company in the World.
We’re backed with $539 million in capital from top-tier investors such as DST Global, NEA, Index Ventures, Thrive Capital, Sequoia, and KPCB, and valued at $5.6 billion. Robinhood is based in Menlo Park, California with a regional office in Lake Mary, Florida.
About the Role
The Securities Lending Operations Manager will be responsible for designing and executing Robinhood Securities’ Securities Lending back office function, so it scales to support Robinhood’s ambitious growth plans for Securities Lending. The candidate will design, implement, iterate on, and oversee our securities lending back-office areas: new account onboarding, securities lending trade processing and settlements, buy ins, recalls, call-backs, fully paid program (tracking, compliance, payment) and regulatory reporting. The candidate will also oversee processes including operational issues, new strategy implementation and product offerings. They will be responsible for managing regulatory risk and for compliance with Firm policy, SEC rules, and FINRA regulations. The candidate will also work cross-functionally to champion a compliant culture and business.
As a Securities Lending Operations Manager you'll:
Design and test operational procedures and processes for all aspects of Securities Lending including the fully paid program.
Adhere to and remain compliant with Robinhood Securities’ back office related Written Supervisory Procedures.
Lead the operations team in processing Robinhood Securities’ regulatory inquiries, reporting and audits.
Manage and resolve escalated issues from trading and operations.
Liaise with compliance, trading, and business management to ensure strategies are implemented and objectives are met.
Coordinate operations team roles and responsibilities with the business.
Review workflow process, develop strategy and employ tactics for the day to day operations of the back office.
Some things we consider critical for the role:
Ability to learn quickly, think critically and apply problem-solving skills to resolve issues and implement process improvements.
Trustworthy, self-motivated and able to thrive in an entrepreneurial environment.
Great communication and relationship management skills.
A passion for Robinhood’s product and our mission to democratize access to America’s Financial System.
Bachelor’s degree from an accredited institution.
FINRA Series 7 or 99.
5+ years working in Securities lending back office operations.
Experience working with regulators and/or completing an SRO audit.
Sep 19, 2018
Full time
Robinhood is democratizing access to America’s financial system. Our platform offers commission-free investing in U.S. stocks, ETFs, options, and cryptocurrencies. Robinhood Financial, our broker-dealer, is the fastest-growing brokerage ever, with over four million users and billions of dollars in transaction volume. Robinhood has received the Apple Design Award, the Google Material Design Award, and was named Fast Company’s 11th Most Innovative Company in the World.
We’re backed with $539 million in capital from top-tier investors such as DST Global, NEA, Index Ventures, Thrive Capital, Sequoia, and KPCB, and valued at $5.6 billion. Robinhood is based in Menlo Park, California with a regional office in Lake Mary, Florida.
About the Role
The Securities Lending Operations Manager will be responsible for designing and executing Robinhood Securities’ Securities Lending back office function, so it scales to support Robinhood’s ambitious growth plans for Securities Lending. The candidate will design, implement, iterate on, and oversee our securities lending back-office areas: new account onboarding, securities lending trade processing and settlements, buy ins, recalls, call-backs, fully paid program (tracking, compliance, payment) and regulatory reporting. The candidate will also oversee processes including operational issues, new strategy implementation and product offerings. They will be responsible for managing regulatory risk and for compliance with Firm policy, SEC rules, and FINRA regulations. The candidate will also work cross-functionally to champion a compliant culture and business.
As a Securities Lending Operations Manager you'll:
Design and test operational procedures and processes for all aspects of Securities Lending including the fully paid program.
Adhere to and remain compliant with Robinhood Securities’ back office related Written Supervisory Procedures.
Lead the operations team in processing Robinhood Securities’ regulatory inquiries, reporting and audits.
Manage and resolve escalated issues from trading and operations.
Liaise with compliance, trading, and business management to ensure strategies are implemented and objectives are met.
Coordinate operations team roles and responsibilities with the business.
Review workflow process, develop strategy and employ tactics for the day to day operations of the back office.
Some things we consider critical for the role:
Ability to learn quickly, think critically and apply problem-solving skills to resolve issues and implement process improvements.
Trustworthy, self-motivated and able to thrive in an entrepreneurial environment.
Great communication and relationship management skills.
A passion for Robinhood’s product and our mission to democratize access to America’s Financial System.
Bachelor’s degree from an accredited institution.
FINRA Series 7 or 99.
5+ years working in Securities lending back office operations.
Experience working with regulators and/or completing an SRO audit.
Robinhood is changing the way America invests. We believe our financial system should work for everyone and not just a few. We offer commission-free trading for stocks, ETFs, options, and cryptocurrencies—all in one, user-friendly platform. Since our public launch in 2015, we’ve enabled millions of people to participate in the markets, cementing us as the fastest-growing brokerage ever.
About the Role
We are looking for a Software Engineer to work within our Security Engineering team to build tools and services that secure our platform and our users. As a Software Security Engineer, you will be responsible for building services that protect our users from attacks such as account takeover, phishing, and other such common attacks. You will also work with the backend engineering team to build out microservices that our APIs can interact with for central services such as authentication, authorization, and risk monitoring. You will be critical in further developing our user trust and safety infrastructure to ensure that our users’ data and information is protected using the best mechanisms available. You will work with our data science team to understand risk and attack patterns to build threat intelligence tools to help predict potential attacks against the platform and defend against these patterns as well.
As a Software Security Engineer you will:
Build microservices for core infrastructure such as authentication
Work with the product and backend engineering teams to build a user trust and safety product
Work with the security team to fix any security bugs that are identified
Work with the data science team to use patterns of suspicious activity to proactively build tools to prevent such activity.
Some things we consider critical to being a Software Security Engineer :
5+ years of experience in Software Engineering
Familiarity with AWS or other cloud systems
Familiarity with Docker, Kubernetes, or other container based systems.
Proficiency in Python, or similar dynamic programming language.
Proficiency in SQL and SQL-like databases
Experience building standalone APIs that can be consumed by various types of clients
Experience working with Security, DevOps, and Incident Response teams.
Nice to haves:
Experience with deployment tools such as SaltStack, Ansible, etc.
Experience with web frameworks (EmberJS, ReactJS, etc.)
Experience with data warehousing and data analysis
Experience in Finance and portfolio trading.
Sep 19, 2018
Full time
Robinhood is changing the way America invests. We believe our financial system should work for everyone and not just a few. We offer commission-free trading for stocks, ETFs, options, and cryptocurrencies—all in one, user-friendly platform. Since our public launch in 2015, we’ve enabled millions of people to participate in the markets, cementing us as the fastest-growing brokerage ever.
About the Role
We are looking for a Software Engineer to work within our Security Engineering team to build tools and services that secure our platform and our users. As a Software Security Engineer, you will be responsible for building services that protect our users from attacks such as account takeover, phishing, and other such common attacks. You will also work with the backend engineering team to build out microservices that our APIs can interact with for central services such as authentication, authorization, and risk monitoring. You will be critical in further developing our user trust and safety infrastructure to ensure that our users’ data and information is protected using the best mechanisms available. You will work with our data science team to understand risk and attack patterns to build threat intelligence tools to help predict potential attacks against the platform and defend against these patterns as well.
As a Software Security Engineer you will:
Build microservices for core infrastructure such as authentication
Work with the product and backend engineering teams to build a user trust and safety product
Work with the security team to fix any security bugs that are identified
Work with the data science team to use patterns of suspicious activity to proactively build tools to prevent such activity.
Some things we consider critical to being a Software Security Engineer :
5+ years of experience in Software Engineering
Familiarity with AWS or other cloud systems
Familiarity with Docker, Kubernetes, or other container based systems.
Proficiency in Python, or similar dynamic programming language.
Proficiency in SQL and SQL-like databases
Experience building standalone APIs that can be consumed by various types of clients
Experience working with Security, DevOps, and Incident Response teams.
Nice to haves:
Experience with deployment tools such as SaltStack, Ansible, etc.
Experience with web frameworks (EmberJS, ReactJS, etc.)
Experience with data warehousing and data analysis
Experience in Finance and portfolio trading.
We are looking for Security Engineers who are security subject matter experts and can be primary points of contact for our developers. You will solve security challenges by working directly with fellow engineers, balancing product developments against security risk solutions that allow us to deliver product quickly and securely.
We also think it is very important to provide this knowledge and insight to our customers as well. So along with making sure that our internal systems are healthy and secure, you would also be expected to democratize that learning to our customers. This is a good summary of what we are trying to accomplish with this role: https://medium.com/synapsefi/security-as-a-service-c5c71c8f47d 0.
In order to be successful at Synapse, you should have:
A drive to help democratize best in class financial products
An ability to work independently within a small, fast-paced team
An entrepreneurial spirit and unrelenting passion to deliver the best service possible
The ability to implement feedback, learn quickly, and contribute new ideas
A general concern for the wellbeing of others and the desire to work on problems that maximize a positive future for humanity
Key Qualifications:
Strong understanding of OWASP Top 10
Familiarity with testing tools like Burp Suite
Deep knowledge of HTTP and other basic web protocols
Minimum two years of work experience
Perks:
Growth Potential
Competitive Salary
Insurance (Health // Dental // Vision)
401(k)
Temporary Housing (for those relocating to San Francisco)
Catered lunch and commuter benefits
Compensation:
$70K - $90K
0.0% - 0.007%
We are looking for top notch individuals who are seeking a challenge. Our company is growing quickly. This is an exciting time to join our team. If you are interested in adding value to our team, please apply and we will be in touch.
Sep 11, 2018
Full time
We are looking for Security Engineers who are security subject matter experts and can be primary points of contact for our developers. You will solve security challenges by working directly with fellow engineers, balancing product developments against security risk solutions that allow us to deliver product quickly and securely.
We also think it is very important to provide this knowledge and insight to our customers as well. So along with making sure that our internal systems are healthy and secure, you would also be expected to democratize that learning to our customers. This is a good summary of what we are trying to accomplish with this role: https://medium.com/synapsefi/security-as-a-service-c5c71c8f47d 0.
In order to be successful at Synapse, you should have:
A drive to help democratize best in class financial products
An ability to work independently within a small, fast-paced team
An entrepreneurial spirit and unrelenting passion to deliver the best service possible
The ability to implement feedback, learn quickly, and contribute new ideas
A general concern for the wellbeing of others and the desire to work on problems that maximize a positive future for humanity
Key Qualifications:
Strong understanding of OWASP Top 10
Familiarity with testing tools like Burp Suite
Deep knowledge of HTTP and other basic web protocols
Minimum two years of work experience
Perks:
Growth Potential
Competitive Salary
Insurance (Health // Dental // Vision)
401(k)
Temporary Housing (for those relocating to San Francisco)
Catered lunch and commuter benefits
Compensation:
$70K - $90K
0.0% - 0.007%
We are looking for top notch individuals who are seeking a challenge. Our company is growing quickly. This is an exciting time to join our team. If you are interested in adding value to our team, please apply and we will be in touch.
DESCRIPTION
About Monese
At Monese we believe that access to banking and financial services is a right that everybody should enjoy. We are on a mission to ensure that anyone in the world who needs a bank account can get one. By using leading edge technology via smartphones, we offer services that are easy to access, simple to use and cheap to run for anybody.
The first Monese product already serves hundreds of thousands of customers in the UK and Europe, and we are adding new services on a regular basis.
Our fast-growing team is located in London, UK, Tallinn, Estonia and Lisbon, Portugal. By working with us, you will be part of a carefully selected team who are great at what they do and share the belief in our mission of making banking available to everybody. We’re not just a start-up with an idea; we have a proven business model that is growing exponentially and generates strong revenues.
Job Description
As IT Security Engineer at Monese you will be responsible for protecting the organisation’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. You will be required to evaluate and identify any potential Security Threats to the business and to ensure the proper and robust risk mitigation systems are in place.
You will also ensure the appropriate Information and Cyber Security controls are effectively implemented and managed. You will be relied upon for carrying out good practice and behaviours in all the teams and informing Head of Internal IT where and when improvements need to be made.
Role responsibilities:
Provide guidance and assist business stakeholders with (IT) Governance and Information Security enterprise.
Manage security audits and report audit issues.
Educate and support the team leads on all IS matters.
Contribute to the future Information Security & Governance strategy Accountable for ISO 27001 ISMS maintenance and related activities.
Manage and maintain Information Security Audit program and Risk Event Register.
Ensure Monese is compliant with the GPDR legislation that must be enforced and of relevance to the appropriate running of Monese.
Audit and manage any reported breaches from the security auditor(s) and ensure the escalation of these reports according to the organisation’s policies.
Providing reporting on a monthly/bi-monthly/quarterly basis for the key stakeholders detailing any breaches.
Ensuring that all IT services are reliable and secure.
Proactively improving services security and quality.
Cooperating with Internal IT, software and quality engineers to ensure that all teams are on the same page with regards to IS.
REQUIREMENTS
Strong background and proven track record in IT (IT support, System Administration, Software Development)
3+ years of experience in IT security
Ideally IT Security / Computer Science related degree or certification
Have strong knowledge of IT systems, processes and controls
Understanding of Database, Networking and Systems
Experience with Antivirus software and web proxy management
Governance, Risk and Compliance (GRC) – Including ISO 27001, GDPR
Understanding of applicable UK law and regulations in relation to IT Security
Aware of current developments in IT security
A thorough understanding of information security principles
Strong analytical skills
Ability to prioritise tasks, communicate effectively and recognise the value of collaboration between team members
BENEFITS
Benefits of working at Monese:
Opportunities to progress in your career, being an essential part of a growing team and processes
An opportunity for independent and self-reliant work
Knowing your contributions matter on every level in making our product the best it can be
International team and fun office environment with plenty of perks
An incredible team of open-minded people dedicated to creating the best banking product yet
Stock options.
Sep 10, 2018
Full time
DESCRIPTION
About Monese
At Monese we believe that access to banking and financial services is a right that everybody should enjoy. We are on a mission to ensure that anyone in the world who needs a bank account can get one. By using leading edge technology via smartphones, we offer services that are easy to access, simple to use and cheap to run for anybody.
The first Monese product already serves hundreds of thousands of customers in the UK and Europe, and we are adding new services on a regular basis.
Our fast-growing team is located in London, UK, Tallinn, Estonia and Lisbon, Portugal. By working with us, you will be part of a carefully selected team who are great at what they do and share the belief in our mission of making banking available to everybody. We’re not just a start-up with an idea; we have a proven business model that is growing exponentially and generates strong revenues.
Job Description
As IT Security Engineer at Monese you will be responsible for protecting the organisation’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. You will be required to evaluate and identify any potential Security Threats to the business and to ensure the proper and robust risk mitigation systems are in place.
You will also ensure the appropriate Information and Cyber Security controls are effectively implemented and managed. You will be relied upon for carrying out good practice and behaviours in all the teams and informing Head of Internal IT where and when improvements need to be made.
Role responsibilities:
Provide guidance and assist business stakeholders with (IT) Governance and Information Security enterprise.
Manage security audits and report audit issues.
Educate and support the team leads on all IS matters.
Contribute to the future Information Security & Governance strategy Accountable for ISO 27001 ISMS maintenance and related activities.
Manage and maintain Information Security Audit program and Risk Event Register.
Ensure Monese is compliant with the GPDR legislation that must be enforced and of relevance to the appropriate running of Monese.
Audit and manage any reported breaches from the security auditor(s) and ensure the escalation of these reports according to the organisation’s policies.
Providing reporting on a monthly/bi-monthly/quarterly basis for the key stakeholders detailing any breaches.
Ensuring that all IT services are reliable and secure.
Proactively improving services security and quality.
Cooperating with Internal IT, software and quality engineers to ensure that all teams are on the same page with regards to IS.
REQUIREMENTS
Strong background and proven track record in IT (IT support, System Administration, Software Development)
3+ years of experience in IT security
Ideally IT Security / Computer Science related degree or certification
Have strong knowledge of IT systems, processes and controls
Understanding of Database, Networking and Systems
Experience with Antivirus software and web proxy management
Governance, Risk and Compliance (GRC) – Including ISO 27001, GDPR
Understanding of applicable UK law and regulations in relation to IT Security
Aware of current developments in IT security
A thorough understanding of information security principles
Strong analytical skills
Ability to prioritise tasks, communicate effectively and recognise the value of collaboration between team members
BENEFITS
Benefits of working at Monese:
Opportunities to progress in your career, being an essential part of a growing team and processes
An opportunity for independent and self-reliant work
Knowing your contributions matter on every level in making our product the best it can be
International team and fun office environment with plenty of perks
An incredible team of open-minded people dedicated to creating the best banking product yet
Stock options.
At Symphony, we’re on a mission to help people communicate, collaborate and enjoy their work. Our secure messaging and meetings platform is changing the way people do business in information sensitive industries. Our customers are fast-paced, and rely on Symphony to keep up, while ensuring complete data privacy and information security.
We are seeking a passionate and experienced Information Security Analyst to augment our efforts in Vulnerability Management, including protection and understanding of risk in relation to business information assets and, building systems that are compliant & meet global security standards. This role reports to the Director of Infrastructure Security and helps protect the confidentiality, integrity and availability of information assets with a critical focus on Symphony’s vulnerability management program.
RESPONSIBILITIES:
Triage & Analyze reports from Symphony’s Bug Bounty Program and other external or internal sources, take appropriate action and respond to maintain Symphony’s level of security
Reproduce reported application vulnerabilities
Collaborate with colleagues at all levels of the organization, across all business and technology functions, in order to advance and support the vulnerability management program
Track, triage and schedule component vulnerabilities used across IT and Cloud infrastructures
Analyze, identify improvements, and optimize Symphony’s vulnerability management processes
Cross-train with team members on all other Infrastructure Security Tools such as SIEM, Firewall, monitoring tools
REQUIRED QUALIFICATIONS:
5-6 years’ relevant experience focused on vulnerability management for web applications
CISSP or relevant SANS certification
Proven experience of combined security and\or IT work experience in a position focused primarily on application security
Knowledge of Information Security standards and secure coding best practices
Experience with conducting network, operation system, database and/or vulnerability assessments and security configuration/hardening audits
Knowledge of Static and Dynamic Analysis tools (SAST/DAST) such as Veracode, Checkmarx, SonarQube, OWASP ZAP
Excellent Verbal and Written Communication Skills
Nice to have:
Java development background
Python and/or other scripting abilities
CEH or OSCP certification
ABOUT SYMPHONY:
Symphony transforms the way users communicate effectively and securely with a single workflow application. Forging a new path in the industry, Symphony is designed to help individuals, teams and organizations of all sizes improve productivity, while meeting complex data security and regulatory compliance needs. Symphony was founded in October 2014 and is headquartered in Palo Alto, CA, with offices in New York, Hong Kong, Singapore, Tokyo, Stockholm, Sophia-Antipolis and London.
Symphony has raised roughly $300 million from the world’s largest financial institutions and recognized investors such as Bank of America - Merrill Lynch, Barclays, BNP Paribas, Citibank, Goldman Sachs, JP Morgan Chase, BlackRock, Credit Suisse, Deutsche Bank, HSBC, Wells Fargo, UBS, Société Générale as well as Google.
We’re looking for top-notch talent to join our team to help us change the way the world communicates. If you have the skills and savvy to work with a world-class team and an appetite for game-changing disruption, we want to hear from you!
BENEFITS AND PERKS*:
Medical, dental, and vision coverage
401(K) plan
Life and AD&D coverage
Short-term and long-term disability coverage
Employee assistance program
Flexible spending account benefits
Unlimited vacation and sick time
Fully stocked kitchen and catered or reimbursed lunches
Discounted gym memberships
Many other fun and exciting benefits and activities!
COMPENSATION:
Competitive salary
Bonus Plan
Equity
*Benefits and Perks vary based on location.
Symphony reserves the right of ownership for all unsolicited resumes submitted for this requisition and is not responsible for any fees associated with unsolicited resumes. Symphony is an Equal Opportunity Employer. Symphony participates in E-Verify.
Any offer of employment is conditioned upon the completion of an I-9 form and submission of the appropriate documents for identity and work authorization.
Sep 07, 2018
Full time
At Symphony, we’re on a mission to help people communicate, collaborate and enjoy their work. Our secure messaging and meetings platform is changing the way people do business in information sensitive industries. Our customers are fast-paced, and rely on Symphony to keep up, while ensuring complete data privacy and information security.
We are seeking a passionate and experienced Information Security Analyst to augment our efforts in Vulnerability Management, including protection and understanding of risk in relation to business information assets and, building systems that are compliant & meet global security standards. This role reports to the Director of Infrastructure Security and helps protect the confidentiality, integrity and availability of information assets with a critical focus on Symphony’s vulnerability management program.
RESPONSIBILITIES:
Triage & Analyze reports from Symphony’s Bug Bounty Program and other external or internal sources, take appropriate action and respond to maintain Symphony’s level of security
Reproduce reported application vulnerabilities
Collaborate with colleagues at all levels of the organization, across all business and technology functions, in order to advance and support the vulnerability management program
Track, triage and schedule component vulnerabilities used across IT and Cloud infrastructures
Analyze, identify improvements, and optimize Symphony’s vulnerability management processes
Cross-train with team members on all other Infrastructure Security Tools such as SIEM, Firewall, monitoring tools
REQUIRED QUALIFICATIONS:
5-6 years’ relevant experience focused on vulnerability management for web applications
CISSP or relevant SANS certification
Proven experience of combined security and\or IT work experience in a position focused primarily on application security
Knowledge of Information Security standards and secure coding best practices
Experience with conducting network, operation system, database and/or vulnerability assessments and security configuration/hardening audits
Knowledge of Static and Dynamic Analysis tools (SAST/DAST) such as Veracode, Checkmarx, SonarQube, OWASP ZAP
Excellent Verbal and Written Communication Skills
Nice to have:
Java development background
Python and/or other scripting abilities
CEH or OSCP certification
ABOUT SYMPHONY:
Symphony transforms the way users communicate effectively and securely with a single workflow application. Forging a new path in the industry, Symphony is designed to help individuals, teams and organizations of all sizes improve productivity, while meeting complex data security and regulatory compliance needs. Symphony was founded in October 2014 and is headquartered in Palo Alto, CA, with offices in New York, Hong Kong, Singapore, Tokyo, Stockholm, Sophia-Antipolis and London.
Symphony has raised roughly $300 million from the world’s largest financial institutions and recognized investors such as Bank of America - Merrill Lynch, Barclays, BNP Paribas, Citibank, Goldman Sachs, JP Morgan Chase, BlackRock, Credit Suisse, Deutsche Bank, HSBC, Wells Fargo, UBS, Société Générale as well as Google.
We’re looking for top-notch talent to join our team to help us change the way the world communicates. If you have the skills and savvy to work with a world-class team and an appetite for game-changing disruption, we want to hear from you!
BENEFITS AND PERKS*:
Medical, dental, and vision coverage
401(K) plan
Life and AD&D coverage
Short-term and long-term disability coverage
Employee assistance program
Flexible spending account benefits
Unlimited vacation and sick time
Fully stocked kitchen and catered or reimbursed lunches
Discounted gym memberships
Many other fun and exciting benefits and activities!
COMPENSATION:
Competitive salary
Bonus Plan
Equity
*Benefits and Perks vary based on location.
Symphony reserves the right of ownership for all unsolicited resumes submitted for this requisition and is not responsible for any fees associated with unsolicited resumes. Symphony is an Equal Opportunity Employer. Symphony participates in E-Verify.
Any offer of employment is conditioned upon the completion of an I-9 form and submission of the appropriate documents for identity and work authorization.
Technical Project Manager, Security will work with cross functional teams to lead complex technical security projects that ensure the protection of data, assets, and employees.
WHAT YOU’LL DO:
Own the lifecycle of technical security projects
Coordinate with cross functional teams, and vendors to define and manage project scope, schedule, and overall plans
Collaborate with operations, engineering, security, and other internal teams to identify, understand, and address their needs with technical security solutions
Maintain documentation throughout project lifecycle and prepare reports for security leadership and other key stakeholders
WHAT WE ARE LOOKING FOR:
Bachelor's degree or equivalent experience in a related field (project management, information security, etc.)
3+ years of project management experience in a corporate or startup environment with technology background
Security or project management certifications (i.e. CISSP, PMP) certifications preferred
Proven ability to work creatively and analytically in a high growth fast paced environment preferred
Highly organized, with solid time management skills and acute attention to detail preferred
WHO WE ARE:
Ripple provides one frictionless experience to send money globally using the power of blockchain. By joining Ripple’s growing, global network, financial institutions can process their customers’ payments anywhere in the world instantly, reliably and cost-effectively. Banks and payment providers can use the digital asset XRP to further reduce their costs and access new markets.
With offices in San Francisco, New York, London, Sydney, Mumbai, Singapore and Luxembourg, Ripple has more than 100 customers around the world.
Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.
Sep 05, 2018
Full time
Technical Project Manager, Security will work with cross functional teams to lead complex technical security projects that ensure the protection of data, assets, and employees.
WHAT YOU’LL DO:
Own the lifecycle of technical security projects
Coordinate with cross functional teams, and vendors to define and manage project scope, schedule, and overall plans
Collaborate with operations, engineering, security, and other internal teams to identify, understand, and address their needs with technical security solutions
Maintain documentation throughout project lifecycle and prepare reports for security leadership and other key stakeholders
WHAT WE ARE LOOKING FOR:
Bachelor's degree or equivalent experience in a related field (project management, information security, etc.)
3+ years of project management experience in a corporate or startup environment with technology background
Security or project management certifications (i.e. CISSP, PMP) certifications preferred
Proven ability to work creatively and analytically in a high growth fast paced environment preferred
Highly organized, with solid time management skills and acute attention to detail preferred
WHO WE ARE:
Ripple provides one frictionless experience to send money globally using the power of blockchain. By joining Ripple’s growing, global network, financial institutions can process their customers’ payments anywhere in the world instantly, reliably and cost-effectively. Banks and payment providers can use the digital asset XRP to further reduce their costs and access new markets.
With offices in San Francisco, New York, London, Sydney, Mumbai, Singapore and Luxembourg, Ripple has more than 100 customers around the world.
Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.
At Plaid, we believe that the way consumers and businesses interact with their finances will drastically improve in the next few years. Our goal is to build the tools and infrastructure for developers to create this next generation of financial services applications. Today, hundreds of companies such as Robinhood, Stripe, and Venmo rely on Plaid to integrate with banks and the financial system.
With this work comes the crucial responsibility of protecting our developers and their end-users from malicious actors. We were the first to release account number tokenization through our partnership with Stripe, first to create end-to-end tokenization of consumer financial data, and first to write the spec that several Fortune 50 banks are now implementing to permission consumer and business financial data. At Plaid, security is a critical part of everything that we do, not just something to be scared of.
What excites you
Implementing tools for security monitoring, audit trail collection, event correlation, fraud mitigation and related security needs
Triaging and patching vulnerabilities across Plaid's cloud instances
Providing education and guidance on security topics across the Plaid team
Working with DevOps to ensure that environments are consistent with security controls
Handling various security processes and applications including scanning, host inventorying and code inspection tools
Managing VPN, firewall, SSO/federated identity and other critical operational infrastructure
Working in conjunction with Techops to manage security related MDM activities including endpoint patch management and auditing
Being responsible for external messaging of security processes and systems, and keeping up-to-date with industry developments
What excites us
Ability to code and script to automate common activities and effectively implement various security tools
Experience with log aggregation and correlation tools
Experience evaluating and rolling out security related patches and configuration changes
Experience managing VPN devices and configurations
Experience working with SSO/federated identity solutions
Experience handling security events as they happen
Bonus
Production software engineering experience and mastery of at least one language
Experience doing security operations in a cloud environment, particularly AWS
Experience communicating security policies to 3rd parties in compliance and security review settings
Incident Response experience
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Aug 02, 2018
Full time
At Plaid, we believe that the way consumers and businesses interact with their finances will drastically improve in the next few years. Our goal is to build the tools and infrastructure for developers to create this next generation of financial services applications. Today, hundreds of companies such as Robinhood, Stripe, and Venmo rely on Plaid to integrate with banks and the financial system.
With this work comes the crucial responsibility of protecting our developers and their end-users from malicious actors. We were the first to release account number tokenization through our partnership with Stripe, first to create end-to-end tokenization of consumer financial data, and first to write the spec that several Fortune 50 banks are now implementing to permission consumer and business financial data. At Plaid, security is a critical part of everything that we do, not just something to be scared of.
What excites you
Implementing tools for security monitoring, audit trail collection, event correlation, fraud mitigation and related security needs
Triaging and patching vulnerabilities across Plaid's cloud instances
Providing education and guidance on security topics across the Plaid team
Working with DevOps to ensure that environments are consistent with security controls
Handling various security processes and applications including scanning, host inventorying and code inspection tools
Managing VPN, firewall, SSO/federated identity and other critical operational infrastructure
Working in conjunction with Techops to manage security related MDM activities including endpoint patch management and auditing
Being responsible for external messaging of security processes and systems, and keeping up-to-date with industry developments
What excites us
Ability to code and script to automate common activities and effectively implement various security tools
Experience with log aggregation and correlation tools
Experience evaluating and rolling out security related patches and configuration changes
Experience managing VPN devices and configurations
Experience working with SSO/federated identity solutions
Experience handling security events as they happen
Bonus
Production software engineering experience and mastery of at least one language
Experience doing security operations in a cloud environment, particularly AWS
Experience communicating security policies to 3rd parties in compliance and security review settings
Incident Response experience
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Digital Reasoning is seeking a Security Engineer for our Infrastructure Operations team. We're looking for a bright, ambitious, and highly capable person to drive the information security initiatives across our fast-paced organization and work with advanced technologies.
What you’d be responsible for
Perform daily system monitoring, verifying the integrity and availability of all systems and key processes, reviewing system and application logs for security related events.
Utilize and configure infrastructure monitoring and reporting tools.
Develops and manages security policy and procedure for business units across the enterprise to prevent malicious attacks from compromising company systems and information.
Management of automated and human Penetration Testing and Vulnerability Scanning cadence, including enforcement of remediation of findings with Product Management
Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines).
Responsible for the configuration and management of antivirus, IDS/IPS,reputation, system integrity monitoring, and for the tracking and monitoring of software virus and malware incidents.
Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls.
Maintains and monitors the company’s firewall and ensures utilization of encryption methods.
Provide input into, and regular updates on, RFP responses and customer-facing architecture and security collateral
Provides direct support to the business and IT staff for security-related issues.
Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
Current technology stack includes OSX, Linux, AWS, Cisco/Meraki, Hadoop, ElasticSearch Python, Django, MySQL, Angular, Git
Performs other related duties as assigned.
Traits we’d love to see
HIPAA and HiTRUST experience
Ability to work on multiple tasks, prioritizing and organizing these tasks to maximize productivity
Self-starter with strong communication skills
Ability to work independently as well as in a team
Eagerness to tackle problems outside your core competencies and learn new technologies as required
BS or MS in Computer Science, Information Systems or demonstrated industry hands-on experience
Minimum 5 years of hands on security experience
Experience in securing server and network environments for modern web applications and services
Experience with Linux servers in virtualized environments
Knowledge of common information security management frameworks
Strong background in security operations, processes, solutions and technologies
Strong understanding of policy, compliance, and best practice security principles
Familiarity with docker or other containerization technologies
Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy
Experience with enterprise risk assessment methodologies
Knowledge of security domains such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Centralized Security Event Logging, Advanced Threat Protection, Forensics tools, End Point Security Clients.
Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks.
CISSP, GPEN, CEH or other relevant Information Security certifications are a plus
Jul 24, 2018
Full time
Digital Reasoning is seeking a Security Engineer for our Infrastructure Operations team. We're looking for a bright, ambitious, and highly capable person to drive the information security initiatives across our fast-paced organization and work with advanced technologies.
What you’d be responsible for
Perform daily system monitoring, verifying the integrity and availability of all systems and key processes, reviewing system and application logs for security related events.
Utilize and configure infrastructure monitoring and reporting tools.
Develops and manages security policy and procedure for business units across the enterprise to prevent malicious attacks from compromising company systems and information.
Management of automated and human Penetration Testing and Vulnerability Scanning cadence, including enforcement of remediation of findings with Product Management
Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines).
Responsible for the configuration and management of antivirus, IDS/IPS,reputation, system integrity monitoring, and for the tracking and monitoring of software virus and malware incidents.
Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls.
Maintains and monitors the company’s firewall and ensures utilization of encryption methods.
Provide input into, and regular updates on, RFP responses and customer-facing architecture and security collateral
Provides direct support to the business and IT staff for security-related issues.
Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
Current technology stack includes OSX, Linux, AWS, Cisco/Meraki, Hadoop, ElasticSearch Python, Django, MySQL, Angular, Git
Performs other related duties as assigned.
Traits we’d love to see
HIPAA and HiTRUST experience
Ability to work on multiple tasks, prioritizing and organizing these tasks to maximize productivity
Self-starter with strong communication skills
Ability to work independently as well as in a team
Eagerness to tackle problems outside your core competencies and learn new technologies as required
BS or MS in Computer Science, Information Systems or demonstrated industry hands-on experience
Minimum 5 years of hands on security experience
Experience in securing server and network environments for modern web applications and services
Experience with Linux servers in virtualized environments
Knowledge of common information security management frameworks
Strong background in security operations, processes, solutions and technologies
Strong understanding of policy, compliance, and best practice security principles
Familiarity with docker or other containerization technologies
Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy
Experience with enterprise risk assessment methodologies
Knowledge of security domains such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Centralized Security Event Logging, Advanced Threat Protection, Forensics tools, End Point Security Clients.
Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks.
CISSP, GPEN, CEH or other relevant Information Security certifications are a plus
As a Principal Security Engineer at Kensho, you are a thoughtful, collaborative, and dynamic technologist who loves ensuring security across a number of systems and web applications. You think deeply about the implications, relationships, edge cases, and failure modes, and you are passionate about correctness, security, and writing the next thing, so you aren't spending time maintaining older projects.
Are you a prolific, intellectually curious technologist who appreciates code, math, and security? We are on a mission to clarify complex data through scientific, statistical, analytical, computational, and inspired study. By transforming the data, we are able to bring transparency to some of the most important issues on the planet. You will be joining a team of veterans from Google, Twitter, and Facebook, as well as academia.
What You'll Do:
Evaluate and strengthen Kensho’s security systems and processes across all products and teams by building a scalable process to ensure the security feedback loop is strong
Write, monitor, and triage security tests and test infrastructure
Directly interface with customer infosec teams, lawyers, external security researchers as well as internal partners to ensure that Kensho maintains a best-in-class security envelope
Cultivate full team participation in high quality, thoughtful, secure software
What We Look For:
Deep experience securing modern web applications and distributed data infrastructure in a cross-team setting
Willingness to find and fix vulnerabilities in both our own software and 3rd party dependencies
Experience with penetration testing and industry-standard cryptography
Expertise in automated and scalable testing, automation, and continuous integration frameworks
Desire to build a strong, operationally-minded engineering culture through effective and thoughtful coding, documentation, and collaborative approach as a code reviewer and teammate
How to Really Get Our Attention:
Security engineer experience at a top 10 software company
Participation and awards at security capture-the-flag competitions
Open source project contributions showing innovation and initiative
Hedge fund or major financial institution trading experience
Relevant research, publications, and patents
Technologies We Like:
Python, Linux, Docker, Kubernetes, Calico, Git, Jenkins, Sentry, Cypress
Perks:
Medical, Dental, and Vision insurance with 100% premium covered
Unlimited vacation days
Paid Parental Leave
401(k) plan with employer match
Free snacks and drinks
Dog-friendly office
Cardio machines and weights in the office
Hubway (bike sharing program) membership
Jul 19, 2018
Full time
As a Principal Security Engineer at Kensho, you are a thoughtful, collaborative, and dynamic technologist who loves ensuring security across a number of systems and web applications. You think deeply about the implications, relationships, edge cases, and failure modes, and you are passionate about correctness, security, and writing the next thing, so you aren't spending time maintaining older projects.
Are you a prolific, intellectually curious technologist who appreciates code, math, and security? We are on a mission to clarify complex data through scientific, statistical, analytical, computational, and inspired study. By transforming the data, we are able to bring transparency to some of the most important issues on the planet. You will be joining a team of veterans from Google, Twitter, and Facebook, as well as academia.
What You'll Do:
Evaluate and strengthen Kensho’s security systems and processes across all products and teams by building a scalable process to ensure the security feedback loop is strong
Write, monitor, and triage security tests and test infrastructure
Directly interface with customer infosec teams, lawyers, external security researchers as well as internal partners to ensure that Kensho maintains a best-in-class security envelope
Cultivate full team participation in high quality, thoughtful, secure software
What We Look For:
Deep experience securing modern web applications and distributed data infrastructure in a cross-team setting
Willingness to find and fix vulnerabilities in both our own software and 3rd party dependencies
Experience with penetration testing and industry-standard cryptography
Expertise in automated and scalable testing, automation, and continuous integration frameworks
Desire to build a strong, operationally-minded engineering culture through effective and thoughtful coding, documentation, and collaborative approach as a code reviewer and teammate
How to Really Get Our Attention:
Security engineer experience at a top 10 software company
Participation and awards at security capture-the-flag competitions
Open source project contributions showing innovation and initiative
Hedge fund or major financial institution trading experience
Relevant research, publications, and patents
Technologies We Like:
Python, Linux, Docker, Kubernetes, Calico, Git, Jenkins, Sentry, Cypress
Perks:
Medical, Dental, and Vision insurance with 100% premium covered
Unlimited vacation days
Paid Parental Leave
401(k) plan with employer match
Free snacks and drinks
Dog-friendly office
Cardio machines and weights in the office
Hubway (bike sharing program) membership
Join Upstart as our Information Security Architect , where you will bring security controls into our cloud infrastructure. Reporting to the Head of information Security, you will set up security incident and event management within Upstart. You’ll play a key role in ensuring security controls through design and architecture in our infrastructure, creating protocols for how we restrict access and data to specific users, and identifying and rectifying cases in which our infrastructure and data processing applications/databases isn’t secure or secure enough. You will also be a thought leader and represent Upstart at security conferences and events. As one of the first members of this team, you will also have an opportunity for growth into management.
Here is more about what you’ll be doing:
Managing security compliance in all infrastructure-related projects including mapping Technology compliance into our infrastructure
Partnering with engineering and dev-ops to provide security guidance in managing secure networking, securing IT assets and defining requirements for our Devops Team
Building out Upstart’s future through infrastructure by creating AWS-based security controls from scratch using a variety of AWS tools
Set up a regular vulnerability scanning tools and manage remediation of identified issues
Conducting infrastructure security audits, penetration tests, and periodic access reviews to applications and infrastructure
Owning security controls relating to application access and data encryption
Leading vulnerability management and incident management procedures
Keeping abreast on all compliance/regulatory news and information in fintech to ensure Upstart is at the forefront of changes in the industry
Actively participating in open source forums (e.g OWASP) and cloud infrastructure conferences
Requirements:
5+ years of experience in information security, preferably with experience in enabling security incident and event management
3+ years of experience in a leadership role
Certification in IT or cybersecurity (e.g. CISSP or CISM) will strengthen consideration
Experience working in high-security/high-compliance environments, Maintain compliance requirements with international standards such as (SOX, SOC2 and ISO27001)
Experience setting up and working with AWS Inspector, Kinesis - Lambda based security response, Macie, Gaurd Duty, Config and Config rules
Experience setting up and working in security operations
Ability to define high-level strategy for security/compliance monitoring and risk mitigation
Strong written and verbal communication skills
Jul 17, 2018
Full time
Join Upstart as our Information Security Architect , where you will bring security controls into our cloud infrastructure. Reporting to the Head of information Security, you will set up security incident and event management within Upstart. You’ll play a key role in ensuring security controls through design and architecture in our infrastructure, creating protocols for how we restrict access and data to specific users, and identifying and rectifying cases in which our infrastructure and data processing applications/databases isn’t secure or secure enough. You will also be a thought leader and represent Upstart at security conferences and events. As one of the first members of this team, you will also have an opportunity for growth into management.
Here is more about what you’ll be doing:
Managing security compliance in all infrastructure-related projects including mapping Technology compliance into our infrastructure
Partnering with engineering and dev-ops to provide security guidance in managing secure networking, securing IT assets and defining requirements for our Devops Team
Building out Upstart’s future through infrastructure by creating AWS-based security controls from scratch using a variety of AWS tools
Set up a regular vulnerability scanning tools and manage remediation of identified issues
Conducting infrastructure security audits, penetration tests, and periodic access reviews to applications and infrastructure
Owning security controls relating to application access and data encryption
Leading vulnerability management and incident management procedures
Keeping abreast on all compliance/regulatory news and information in fintech to ensure Upstart is at the forefront of changes in the industry
Actively participating in open source forums (e.g OWASP) and cloud infrastructure conferences
Requirements:
5+ years of experience in information security, preferably with experience in enabling security incident and event management
3+ years of experience in a leadership role
Certification in IT or cybersecurity (e.g. CISSP or CISM) will strengthen consideration
Experience working in high-security/high-compliance environments, Maintain compliance requirements with international standards such as (SOX, SOC2 and ISO27001)
Experience setting up and working with AWS Inspector, Kinesis - Lambda based security response, Macie, Gaurd Duty, Config and Config rules
Experience setting up and working in security operations
Ability to define high-level strategy for security/compliance monitoring and risk mitigation
Strong written and verbal communication skills
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Staff Security Engineer is to own and lead Credit Karma's Security initiatives.
What will you do?
Document and implement security zoning best practices.
Partner with Network, Platform, and Dev teams to design security-centric architectures and frameworks.
Review third-party and partner integrations to ensure compliance with security best practices.
Develop Identity and Access Management standards and enforce best practices.
Drive security and support initiatives as subject matter expert.
Drive security at scale, focusing on automation and process improvement.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Serve as an escalation point in responding to security incidents and investigations.
What’s great about it?
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Work alongside a highly motivated, helpful and collaborative team.
Have the autonomy to achieve results without micromanagement.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What do we expect?
Balance of high-level architecture and design principles and strong technical know-how.
Experience working in a fast-paced, dynamic yet mature engineering environment.
Effective cross-functional communication and ability to achieve results.
Confident articulating complex technical content to Senior Management and business partners.
Self-starting attitude and fearless ascent up the learning curve.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
A fun and positive attitude!
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Staff Security Engineer is to own and lead Credit Karma's Security initiatives.
What will you do?
Document and implement security zoning best practices.
Partner with Network, Platform, and Dev teams to design security-centric architectures and frameworks.
Review third-party and partner integrations to ensure compliance with security best practices.
Develop Identity and Access Management standards and enforce best practices.
Drive security and support initiatives as subject matter expert.
Drive security at scale, focusing on automation and process improvement.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Serve as an escalation point in responding to security incidents and investigations.
What’s great about it?
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Work alongside a highly motivated, helpful and collaborative team.
Have the autonomy to achieve results without micromanagement.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What do we expect?
Balance of high-level architecture and design principles and strong technical know-how.
Experience working in a fast-paced, dynamic yet mature engineering environment.
Effective cross-functional communication and ability to achieve results.
Confident articulating complex technical content to Senior Management and business partners.
Self-starting attitude and fearless ascent up the learning curve.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
A fun and positive attitude!
Credit Karma's mission is to make financial progress possible for everyone. We have over 80 million US members and are now taking aim internationally. In just 12 months from launch, we’ve grown Credit Karma Canada to be the #1 destination for free credit scores and reports, and we’re just getting started. Your role will be to our international growth efforts in Canada and globally beyond. We’re looking for a leader to take charge of driving execution and high performing operations for all of our international product and engineering teams. You will drive key decisions along the way that will impact our entire International team. We are operating as a well funded and supported “startup” within Credit Karma with enormous opportunity to move fast and have high impact. The Technical Program Manager Lead will work directly with the VP, International and be a critical leader for the cross-functional teams and the overall Credit Karma International roadmap, including existing country products and new market entry. The role will start as a hands-on individual contributor and quickly scale to be a manager role. This position will be based in San Francisco, but may require frequent travel.
What you'll do:
Lead on technical program management for entire Canada product roadmap, including: Scoping and setting near- and long-term goals and OKRs. Driving on-time delivery of every product launch. Identifying any risks or blockers along with solutions to get back on track.
Lead on go-to-market planning for all new markets, including: Leading the complex, cross-functional efforts to launch, ensuring timely and successful execution. Hands-on responsibilities during and through launch to ensure success of newly formed country teams, especially through first 6 months of operations. Deep involvement of hiring and crafting team culture for new product and engineering teams.
Directly handle third-party platform relationships, for example, for Localization
Craft and run critical team infrastructure for all markets, building off of core Credit Karma systems and methodologies that exist. These areas include: Culture building for each country’s product and engineering team as well as the International team overall. Metrics & reporting infrastructure so that the International Analytics team can achieve maximum scale and impact. Communications channels from the our team out to the rest of Credit Karma. Cross-pollination of information on product roadmaps, experiment results, and other lessons learned between the broader company and our team.
Build the operating models for each of our Country teams and our broader International team partner successfully with other teams such as Security, Infrastructure & Platform, Legal & Compliance, Member Support, etc.
Be the first of what will be a growing team of Technical Program Managers for International, including the opportunity to directly hire and develop this team over time.
What's phenomenal about it:
You’ll build something that has the potential to positively affect millions of people around the world
The work you do will have significant impact and visibility across Credit Karma
This role brings the best of both worlds: the experience of growing early-stage products and businesses with the support of a successful later-stage internet company
Credit Karma is an equal opportunity employer, and we highly encourage people of all backgrounds to apply; This is especially true on our International team where each of us should have empathy for members, partners and colleagues of diverse backgrounds
What we expect:
Interest and excitement in our mission of enabling financial progress, especially internationally
8+ years of related experience, including technical program management, operations, engineering or product management
Track record of success in driving wholly new, large scale product launch plans
Deep understanding of program management methodologies with prove ability to adapt to unique team needs and objectives
Ability to critically observe operational results (both good and bad) to make independent recommendations and decisions about how to improve
Ability to create a shared team culture and get results directly or indirectly, especially across diverse cross-functional teams
Professional experience leading projects across multiple remote locations, ideally internationally
Experience working hands-on with product and engineering teams in both smaller startup and large company environments
High level of proficiency in technical understanding and working directly with engineers to anticipate operational risks and tackle problems
Ideally experience managing teams directly
Bachelor’s degree from a top university required; Master’s degree is preferred
Jul 02, 2018
Full time
Credit Karma's mission is to make financial progress possible for everyone. We have over 80 million US members and are now taking aim internationally. In just 12 months from launch, we’ve grown Credit Karma Canada to be the #1 destination for free credit scores and reports, and we’re just getting started. Your role will be to our international growth efforts in Canada and globally beyond. We’re looking for a leader to take charge of driving execution and high performing operations for all of our international product and engineering teams. You will drive key decisions along the way that will impact our entire International team. We are operating as a well funded and supported “startup” within Credit Karma with enormous opportunity to move fast and have high impact. The Technical Program Manager Lead will work directly with the VP, International and be a critical leader for the cross-functional teams and the overall Credit Karma International roadmap, including existing country products and new market entry. The role will start as a hands-on individual contributor and quickly scale to be a manager role. This position will be based in San Francisco, but may require frequent travel.
What you'll do:
Lead on technical program management for entire Canada product roadmap, including: Scoping and setting near- and long-term goals and OKRs. Driving on-time delivery of every product launch. Identifying any risks or blockers along with solutions to get back on track.
Lead on go-to-market planning for all new markets, including: Leading the complex, cross-functional efforts to launch, ensuring timely and successful execution. Hands-on responsibilities during and through launch to ensure success of newly formed country teams, especially through first 6 months of operations. Deep involvement of hiring and crafting team culture for new product and engineering teams.
Directly handle third-party platform relationships, for example, for Localization
Craft and run critical team infrastructure for all markets, building off of core Credit Karma systems and methodologies that exist. These areas include: Culture building for each country’s product and engineering team as well as the International team overall. Metrics & reporting infrastructure so that the International Analytics team can achieve maximum scale and impact. Communications channels from the our team out to the rest of Credit Karma. Cross-pollination of information on product roadmaps, experiment results, and other lessons learned between the broader company and our team.
Build the operating models for each of our Country teams and our broader International team partner successfully with other teams such as Security, Infrastructure & Platform, Legal & Compliance, Member Support, etc.
Be the first of what will be a growing team of Technical Program Managers for International, including the opportunity to directly hire and develop this team over time.
What's phenomenal about it:
You’ll build something that has the potential to positively affect millions of people around the world
The work you do will have significant impact and visibility across Credit Karma
This role brings the best of both worlds: the experience of growing early-stage products and businesses with the support of a successful later-stage internet company
Credit Karma is an equal opportunity employer, and we highly encourage people of all backgrounds to apply; This is especially true on our International team where each of us should have empathy for members, partners and colleagues of diverse backgrounds
What we expect:
Interest and excitement in our mission of enabling financial progress, especially internationally
8+ years of related experience, including technical program management, operations, engineering or product management
Track record of success in driving wholly new, large scale product launch plans
Deep understanding of program management methodologies with prove ability to adapt to unique team needs and objectives
Ability to critically observe operational results (both good and bad) to make independent recommendations and decisions about how to improve
Ability to create a shared team culture and get results directly or indirectly, especially across diverse cross-functional teams
Professional experience leading projects across multiple remote locations, ideally internationally
Experience working hands-on with product and engineering teams in both smaller startup and large company environments
High level of proficiency in technical understanding and working directly with engineers to anticipate operational risks and tackle problems
Ideally experience managing teams directly
Bachelor’s degree from a top university required; Master’s degree is preferred
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop detection and protection controls as well as build content that will feed automated actions and infrastructure changes.
What You'll Do
Deploy and maintain security solutions that will prevent and detect attacks against CK's infrastructure
Develop content and tune alerting for important events.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Partner with incident responders to automate repetitive actions.
Build and monitor integrations between security solutions and ensure the completeness and accuracy of ingested data.
What's Great About it
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of system, network and security fundamentals
Strong scripting or relevant programming skills for automating repetitive tasks.
Experience working in (or closely with) a Security Operations Center.
Experience creating detection content and writing correlation rules
Expertise configuring and administering at last one vulnerability management solution.
Expertise configuring and administering security automation and orchestration platforms
Self-starting attitude and fearless ascent up the learning curve.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
A fun and positive attitude!
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop detection and protection controls as well as build content that will feed automated actions and infrastructure changes.
What You'll Do
Deploy and maintain security solutions that will prevent and detect attacks against CK's infrastructure
Develop content and tune alerting for important events.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Partner with incident responders to automate repetitive actions.
Build and monitor integrations between security solutions and ensure the completeness and accuracy of ingested data.
What's Great About it
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of system, network and security fundamentals
Strong scripting or relevant programming skills for automating repetitive tasks.
Experience working in (or closely with) a Security Operations Center.
Experience creating detection content and writing correlation rules
Expertise configuring and administering at last one vulnerability management solution.
Expertise configuring and administering security automation and orchestration platforms
Self-starting attitude and fearless ascent up the learning curve.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
A fun and positive attitude!
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Staff Security Engineer is to own and lead Credit Karma's cloud security initiatives.
What You'll Do
Partner with Network, Platform, and Dev teams to design security-centric cloud architectures and frameworks.
Drive cloud security and support initiatives as subject matter expert.
Develop Identity and Access Management standards and enforce best practices for the public and private cloud.
Drive security at scale, focusing on automation and process improvement.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Work alongside a highly motivated, helpful and collaborative team.
Have the autonomy to achieve results without micromanagement.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Balance of high-level architecture and design principles and strong technical know-how.
Effective cross-functional communication and ability to achieve results.
Solid grasp of cloud security solutions, both native and 3rd party.
Experience leading cloud workload security initiatives in an enterprise-scale, mixed-vendor environment.
Proven track record in architecting secure IaaS, PaaS and SaaS frameworks in both public and private cloud environments.
Confident articulating complex technical content to Senior Management and business partners.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Staff Security Engineer is to own and lead Credit Karma's cloud security initiatives.
What You'll Do
Partner with Network, Platform, and Dev teams to design security-centric cloud architectures and frameworks.
Drive cloud security and support initiatives as subject matter expert.
Develop Identity and Access Management standards and enforce best practices for the public and private cloud.
Drive security at scale, focusing on automation and process improvement.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Work alongside a highly motivated, helpful and collaborative team.
Have the autonomy to achieve results without micromanagement.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Balance of high-level architecture and design principles and strong technical know-how.
Effective cross-functional communication and ability to achieve results.
Solid grasp of cloud security solutions, both native and 3rd party.
Experience leading cloud workload security initiatives in an enterprise-scale, mixed-vendor environment.
Proven track record in architecting secure IaaS, PaaS and SaaS frameworks in both public and private cloud environments.
Confident articulating complex technical content to Senior Management and business partners.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop network-based detection and protection controls.
What You'll Do
Research the latest industry leading Network Security solutions.
Deploy and maintain security solutions that will prevent and detect attacks against CK's networks.
Develop content and tune alerting for important events.
Leverage scripting and programming to automate manual actions.
Build and monitor integrations between security solutions and ensure all solutions are logging relevant data.
Ensure security baselines are configured as part of network device build processes.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of network and network security fundamentals, including routing, switching, load balancing, firewalls, proxies and IDS.
Experience administrating network security solutions in an enterprise-scale, mixed-vendor environment.
Strong scripting or relevant programming skills for automating repetitive tasks.
Familiarity with micro-segmentation and anomaly detection platforms.
Deep understanding of latest Software Defined Networking trends and architectures.
Experience managing network security solutions in both data center and cloud environments.
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop network-based detection and protection controls.
What You'll Do
Research the latest industry leading Network Security solutions.
Deploy and maintain security solutions that will prevent and detect attacks against CK's networks.
Develop content and tune alerting for important events.
Leverage scripting and programming to automate manual actions.
Build and monitor integrations between security solutions and ensure all solutions are logging relevant data.
Ensure security baselines are configured as part of network device build processes.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of network and network security fundamentals, including routing, switching, load balancing, firewalls, proxies and IDS.
Experience administrating network security solutions in an enterprise-scale, mixed-vendor environment.
Strong scripting or relevant programming skills for automating repetitive tasks.
Familiarity with micro-segmentation and anomaly detection platforms.
Deep understanding of latest Software Defined Networking trends and architectures.
Experience managing network security solutions in both data center and cloud environments.
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Security Engineer is to develop host-based detection and protection controls spanning workstations, servers and Cloud instances.
What You'll Do
Research the latest industry leading Endpoint Detection and Response solutions.
Deploy and maintain security solutions that will prevent and detect attacks against CK's infrastructure.
Develop content and tune alerting for important events.
Leverage scripting and programming to automate manual actions.
Build and monitor integrations between security solutions and ensure all solutions are logging relevant data.
Ensure security baselines are configured as part of system build processes.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of endpoint security fundamentals, including operating system weaknesses.
Experience administrating workstations, servers and containers in an enterprise-scale, mixed-vendor environment.
Strong scripting or relevant programming skills for automating repetitive tasks.
Expertise configuring and administering EDR solutions.
Familiarity with micro-segmentation and anomaly detection platforms.
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Security Engineer is to develop host-based detection and protection controls spanning workstations, servers and Cloud instances.
What You'll Do
Research the latest industry leading Endpoint Detection and Response solutions.
Deploy and maintain security solutions that will prevent and detect attacks against CK's infrastructure.
Develop content and tune alerting for important events.
Leverage scripting and programming to automate manual actions.
Build and monitor integrations between security solutions and ensure all solutions are logging relevant data.
Ensure security baselines are configured as part of system build processes.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of endpoint security fundamentals, including operating system weaknesses.
Experience administrating workstations, servers and containers in an enterprise-scale, mixed-vendor environment.
Strong scripting or relevant programming skills for automating repetitive tasks.
Expertise configuring and administering EDR solutions.
Familiarity with micro-segmentation and anomaly detection platforms.
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Security Engineer is to develop content for our SIEM system.
What You'll Do
Mature our SIEM tool and provide our SOC team actionable events.
Develop content, tune alerting and create correlation rules.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Partner with incident responders to improve data quality and reduce false positives.
Build and monitor integrations between security solutions and ensure the completeness and accuracy of ingested data.
Create dashboards for the SOC team, management and other stakeholders.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of system, network and security fundamentals.
Hands on experience with Enterprise SIEM products in an dynamic environment.
Experience building dashboards, creating searches and alerting rules in Splunk and/or Splunk ES.
Experience creating detection content and writing correlation rules.
Strong scripting or relevant programming skills for automating repetitive tasks.
Experience working in (or closely with) a Security Operations Center.
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Security Engineer is to develop content for our SIEM system.
What You'll Do
Mature our SIEM tool and provide our SOC team actionable events.
Develop content, tune alerting and create correlation rules.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Partner with incident responders to improve data quality and reduce false positives.
Build and monitor integrations between security solutions and ensure the completeness and accuracy of ingested data.
Create dashboards for the SOC team, management and other stakeholders.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of system, network and security fundamentals.
Hands on experience with Enterprise SIEM products in an dynamic environment.
Experience building dashboards, creating searches and alerting rules in Splunk and/or Splunk ES.
Experience creating detection content and writing correlation rules.
Strong scripting or relevant programming skills for automating repetitive tasks.
Experience working in (or closely with) a Security Operations Center.
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual developer, everyone views security as a personal responsibility. The successful candidate should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations. Your unique mission as a Red Team Staff Engineer is to identify potential weaknesses in the foundational infrastructure and core application and strategically reinforce them, enabling the engineering team to focus fiercely on new features. The assessments will drive the company’s ability to protect, detect and respond to cyber-attacks.
What You'll Do
Lead and deliver the red team assessments.
Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.
Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.
Execute controlled assessments, conduct attack/vulnerability research, work to evade detection mechanisms in place and address weaknesses through strategic partnerships around the organization.
Represent a contrarian perspective of security strategies, controls and defenses in order to identify previously undetected gaps or weaknesses.
Utilize techniques that probe and circumvent technical and operational controls to successfully demonstrate a compromise and how acts of deliberate disruption can cause adverse financial loss or bring about appreciable negative impact to Credit Karma and its members, partners and other stakeholders.
Support vulnerability remediation by recommending holistic solutions instead of brittle point-fixes.
Refactor existing codebase to leverage new security framework capabilities with an eye toward transition from monolithic to service-oriented architecture.
Understand and deploy security standards at an organizational scale (e.g. CSP, SRI, etc).
What We Expect
Minimum 8 years security experience, both as a builder and breaker in following: Mobile and web application assessments; Network penetration testing and manipulation of network infrastructure; Email, phone, or physical social-engineering assessments; Developing, extending, or modifying exploits, shellcode or exploit tools; Reverse engineering malware, data obfuscators, or ciphers; Cloud security and security architecture, GCP security controls.
Experience delivering reports and presenting findings, specifically to technical IT and management.
Technical depth in many, if not most of the following areas: LAMP stack, Node.js, Scala/Java, mobile, PKI, HTTP-based SOA/microservices, encryption, hashing, tokenization, secure randomness, Hardware Security Modules (HSMs), canonicalization, output encoding, message-based security, rate-limiting, anti-automation, role-based access control (RBAC), and large-scale data transport.
Working knowledge of all vulnerability classes on the OWASP Periodic Table of Vulnerabilities, with strong conceptualization of designs that make it impossible for developers to introduce those vulnerabilities.
Thorough understanding of InfoSec control frameworks and how they can be realistically implemented.
Source code review for control flow and security flaws
Thought leadership in the security field, with demonstrable contributions to industry groups.
Artful communication skills and organizational savvy to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual developer, everyone views security as a personal responsibility. The successful candidate should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations. Your unique mission as a Red Team Staff Engineer is to identify potential weaknesses in the foundational infrastructure and core application and strategically reinforce them, enabling the engineering team to focus fiercely on new features. The assessments will drive the company’s ability to protect, detect and respond to cyber-attacks.
What You'll Do
Lead and deliver the red team assessments.
Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.
Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.
Execute controlled assessments, conduct attack/vulnerability research, work to evade detection mechanisms in place and address weaknesses through strategic partnerships around the organization.
Represent a contrarian perspective of security strategies, controls and defenses in order to identify previously undetected gaps or weaknesses.
Utilize techniques that probe and circumvent technical and operational controls to successfully demonstrate a compromise and how acts of deliberate disruption can cause adverse financial loss or bring about appreciable negative impact to Credit Karma and its members, partners and other stakeholders.
Support vulnerability remediation by recommending holistic solutions instead of brittle point-fixes.
Refactor existing codebase to leverage new security framework capabilities with an eye toward transition from monolithic to service-oriented architecture.
Understand and deploy security standards at an organizational scale (e.g. CSP, SRI, etc).
What We Expect
Minimum 8 years security experience, both as a builder and breaker in following: Mobile and web application assessments; Network penetration testing and manipulation of network infrastructure; Email, phone, or physical social-engineering assessments; Developing, extending, or modifying exploits, shellcode or exploit tools; Reverse engineering malware, data obfuscators, or ciphers; Cloud security and security architecture, GCP security controls.
Experience delivering reports and presenting findings, specifically to technical IT and management.
Technical depth in many, if not most of the following areas: LAMP stack, Node.js, Scala/Java, mobile, PKI, HTTP-based SOA/microservices, encryption, hashing, tokenization, secure randomness, Hardware Security Modules (HSMs), canonicalization, output encoding, message-based security, rate-limiting, anti-automation, role-based access control (RBAC), and large-scale data transport.
Working knowledge of all vulnerability classes on the OWASP Periodic Table of Vulnerabilities, with strong conceptualization of designs that make it impossible for developers to introduce those vulnerabilities.
Thorough understanding of InfoSec control frameworks and how they can be realistically implemented.
Source code review for control flow and security flaws
Thought leadership in the security field, with demonstrable contributions to industry groups.
Artful communication skills and organizational savvy to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.
Overview
At Xapo, the largest custodian of Bitcoin in the world, we offer the convenience you would expect from an online checking account with the high tech security of our Bitcoin vault.Our business is growing fast, and we want to make sure we can keep providing the best quality support to our customers. We are looking for an experienced
Information Security Process Analyst based in Europe who can actively contribute to a challenging / technological work environment.
Responsabilities
High-level coordination and communication across various business units, overseeing operational execution of Global IT Security Policies, and ensuring regulatory IT Security compliance requirements are being met
Enforcement and validation of Global information security policies, standards and procedures
Assess IT general controls and/or application layer security controls to ensure compliance with XAPO Global Information Security policies, international standards, best practices and regulations, especially in the European Union (GDPR, the new Data Privacy Regulation in the EU)
Deep understanding of business processes and technology used within the areas to ensure compliance with regulatory requirements and the XAPO Information Security Policy and applicable procedures, processes and standards
Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements
Ensure users understand and adhere to policies and procedures including implementation and enforcement of an information Security awareness program
Some Perks of working with Xapo
TOP-TIER COMPENSATION PLUS STOCK OPTIONS
Absolute autonomy
Remote work enviroment
Working as part of a global team
Learning from Silicon Valley’s brightest
Requirements
5 years or more as an auditor or in audit departments
Proven experience in SOC1/2 Reports and ISO 27001 Certification, Information Security controls - Big 4, Consulting or IT internal audit experience.
Have understanding or work experience with GDPR, the new Data Privacy Regulation in the EU.
Information Security certification such as CISSP, CISSM, CRISC, CISA or equivalent desirable.
Deep understanding and experience on implementation of Policies for Data Privacy and Security controls for protection of Personal Data and Personally Identifiable Information
Privacy regulations and security compliance requirements affecting Global financial institutions (i.e. GDPR)
To be located in Europe
Additional Skills
- Knowledge in various cybersecurity areas such as: Identity and Access Management, Threat and Vulnerability - Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, Physical Security and/or Business Resiliency
- Good written and verbal communication skills for report writing, business requirement proposals, technical policies, and methodology documentation.
- Strong analytical, problem solving, organizational, documentation; time management skills and attention to details
- Good analytical and problem-solving skills coupled with thoroughness and attention to detail is highly desired
- Ability to optimize and condense information and transform data into easily understandable concepts
- Technical skills in MS Excel, PowerPoint, Word, and Project
- Fluent in English. Speak a second language ideal, preferably Spanish, but not a requirement.
Jun 29, 2018
Full time
Overview
At Xapo, the largest custodian of Bitcoin in the world, we offer the convenience you would expect from an online checking account with the high tech security of our Bitcoin vault.Our business is growing fast, and we want to make sure we can keep providing the best quality support to our customers. We are looking for an experienced
Information Security Process Analyst based in Europe who can actively contribute to a challenging / technological work environment.
Responsabilities
High-level coordination and communication across various business units, overseeing operational execution of Global IT Security Policies, and ensuring regulatory IT Security compliance requirements are being met
Enforcement and validation of Global information security policies, standards and procedures
Assess IT general controls and/or application layer security controls to ensure compliance with XAPO Global Information Security policies, international standards, best practices and regulations, especially in the European Union (GDPR, the new Data Privacy Regulation in the EU)
Deep understanding of business processes and technology used within the areas to ensure compliance with regulatory requirements and the XAPO Information Security Policy and applicable procedures, processes and standards
Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements
Ensure users understand and adhere to policies and procedures including implementation and enforcement of an information Security awareness program
Some Perks of working with Xapo
TOP-TIER COMPENSATION PLUS STOCK OPTIONS
Absolute autonomy
Remote work enviroment
Working as part of a global team
Learning from Silicon Valley’s brightest
Requirements
5 years or more as an auditor or in audit departments
Proven experience in SOC1/2 Reports and ISO 27001 Certification, Information Security controls - Big 4, Consulting or IT internal audit experience.
Have understanding or work experience with GDPR, the new Data Privacy Regulation in the EU.
Information Security certification such as CISSP, CISSM, CRISC, CISA or equivalent desirable.
Deep understanding and experience on implementation of Policies for Data Privacy and Security controls for protection of Personal Data and Personally Identifiable Information
Privacy regulations and security compliance requirements affecting Global financial institutions (i.e. GDPR)
To be located in Europe
Additional Skills
- Knowledge in various cybersecurity areas such as: Identity and Access Management, Threat and Vulnerability - Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, Physical Security and/or Business Resiliency
- Good written and verbal communication skills for report writing, business requirement proposals, technical policies, and methodology documentation.
- Strong analytical, problem solving, organizational, documentation; time management skills and attention to details
- Good analytical and problem-solving skills coupled with thoroughness and attention to detail is highly desired
- Ability to optimize and condense information and transform data into easily understandable concepts
- Technical skills in MS Excel, PowerPoint, Word, and Project
- Fluent in English. Speak a second language ideal, preferably Spanish, but not a requirement.
