We’re looking for talented security engineers that can continue to build a secure GoCardless in a fast paced environment that invests in a culture of continuous feedback.
You will play a major and leading role in protecting GoCardless through the implementation of security operations programme and have the opportunity to influence and implement cutting-edge measures to prevent, detect and respond to potential cyber security threats.
As a security operations engineer you will play a key role in ensuring GoCardless teams are taking all required steps in operating and building a secure product set including logging infrastructure, security monitoring solutions, anomaly detection, etc.
Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' products and systems secure.
We work closely with our engineering teams whom are building simple and reliable solutions to complex problems. We keep our development cycles fast, by reviewing and adapting our plans frequently, and by investing in a culture of continuous feedback.
Core responsibilities
Providing subject matter expertise on various areas of security, specifically on security operations
Experience on security use case development, data source on-boarding and different log management and SIEM technologies (i.e Elastic, Splunk, etc.)
Monitoring of metrics associated with security controls to ensure controls are tuned for peak effectiveness
Handling of security operations day-to-day activities, troubleshooting and coordinating resolution or restore using the right tools and processes (activities can be hardware or software failures, security incidents, security breaches, actively looking for threats in logs - threat hunting - etc.)
Professionally manage inbound security-related calls and questions, create tickets, run security-related assessments, security-related user complains, and escalate accordingly
Providing technical support for on call outside normal business hours (if required)
Drive the implementation and dissemination of security KPIs
Liaison with teams for security design, incident handling & education
Participate in cross-team security initiatives
Security tooling selection and/or creation
Perform activities with minimal supervision of routine duties, demonstrate ability to solve practical problems and deal with a variety of concrete variables
Perform scheduled vulnerability assessments and security testing
Requirements
Minimum of five years of security-related experience
Strong analytical and reasoning skills
Experience in other security tooling (Endpoint Security, Web/Network Scanners, SIEM and IDS/IPS, etc.) and its integration into the company systems
A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services
Must have in depth, hands-on experience with security features and system admin of Linux, UNIX and Windows operating systems
Must possess excellent communication skills and ability to cooperate with other business functions
Understanding and exposure of message queue latest technologies such Syslog, Fluentd, GCP PubSub, Logstash, Kafka and SIEM-specific collection mechanisms (i.e. Splunk forwarders, etc.)
Bonus points
BSc/MSc in Computer Science or a related field, or equivalent work
Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
A comprehensive knowledge of web application security,
Experience in cloud services (GCP, AWS, etc.)
Sound knowledge of the OWASP Top 10 and how they can be prevented
Professional security qualifications are desirable (e.g. CISSP, Offensive Security, GIAC, etc.)
Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS
Exposure with multiple scripting / programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
Forensic certifications or experience
Our team come from a variety of backgrounds and we welcome diversity – if you’re unsure, please apply.
Jun 12, 2019
Full time
We’re looking for talented security engineers that can continue to build a secure GoCardless in a fast paced environment that invests in a culture of continuous feedback.
You will play a major and leading role in protecting GoCardless through the implementation of security operations programme and have the opportunity to influence and implement cutting-edge measures to prevent, detect and respond to potential cyber security threats.
As a security operations engineer you will play a key role in ensuring GoCardless teams are taking all required steps in operating and building a secure product set including logging infrastructure, security monitoring solutions, anomaly detection, etc.
Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' products and systems secure.
We work closely with our engineering teams whom are building simple and reliable solutions to complex problems. We keep our development cycles fast, by reviewing and adapting our plans frequently, and by investing in a culture of continuous feedback.
Core responsibilities
Providing subject matter expertise on various areas of security, specifically on security operations
Experience on security use case development, data source on-boarding and different log management and SIEM technologies (i.e Elastic, Splunk, etc.)
Monitoring of metrics associated with security controls to ensure controls are tuned for peak effectiveness
Handling of security operations day-to-day activities, troubleshooting and coordinating resolution or restore using the right tools and processes (activities can be hardware or software failures, security incidents, security breaches, actively looking for threats in logs - threat hunting - etc.)
Professionally manage inbound security-related calls and questions, create tickets, run security-related assessments, security-related user complains, and escalate accordingly
Providing technical support for on call outside normal business hours (if required)
Drive the implementation and dissemination of security KPIs
Liaison with teams for security design, incident handling & education
Participate in cross-team security initiatives
Security tooling selection and/or creation
Perform activities with minimal supervision of routine duties, demonstrate ability to solve practical problems and deal with a variety of concrete variables
Perform scheduled vulnerability assessments and security testing
Requirements
Minimum of five years of security-related experience
Strong analytical and reasoning skills
Experience in other security tooling (Endpoint Security, Web/Network Scanners, SIEM and IDS/IPS, etc.) and its integration into the company systems
A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services
Must have in depth, hands-on experience with security features and system admin of Linux, UNIX and Windows operating systems
Must possess excellent communication skills and ability to cooperate with other business functions
Understanding and exposure of message queue latest technologies such Syslog, Fluentd, GCP PubSub, Logstash, Kafka and SIEM-specific collection mechanisms (i.e. Splunk forwarders, etc.)
Bonus points
BSc/MSc in Computer Science or a related field, or equivalent work
Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
A comprehensive knowledge of web application security,
Experience in cloud services (GCP, AWS, etc.)
Sound knowledge of the OWASP Top 10 and how they can be prevented
Professional security qualifications are desirable (e.g. CISSP, Offensive Security, GIAC, etc.)
Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS
Exposure with multiple scripting / programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
Forensic certifications or experience
Our team come from a variety of backgrounds and we welcome diversity – if you’re unsure, please apply.
We're looking for amazing security engineers to join our team and continue to build a secure GoCardless. We're operating in the dynamic environment of FinTech, so Security is something we take very seriously. We take this as an opportunity to create and implement state of the art measures to minimise exposures and vulnerabilities.
As an App Security engineer, you will play a key role in ensuring GoCardless teams are taking all required steps in building a secure product set including application penetration testing, threat modelling, design reviews, developing our internal tooling and procedures.
Whether you are engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead across business units. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' platform secure.
We work closely with our engineering teams whom are building simple and reliable solutions to complex problems. We keep our development cycles fast, by reviewing and adapting our plans frequently and by investing in a culture of continuous feedback.
We're primarily built in Ruby and JavaScript using Rails, and we rely on Postgres, ElasticSearch, GCP and Chef. However, we believe in using the best technologies for each task – we have used React where server rendering is needed, Go for our infrastructure, and Python for our data analysis.
What you'll do
Implement measures to secure and protect the GoCardless products and systems.
Perform design reviews and Threat modelling of GoCardless services and products
Perform vulnerability assessments and security testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces)
Providing subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle
Working with development teams for design, code reviews & education continually seeking to shift left
Participate in cross-team security initiatives
Contribute in the formulation of our security strategy
Drive the implementation and dissemination of security critical metrics.
Automating and continually improving our approaches through development of tooling and procedures
What you'll need
STEM degree or related field, or equivalent work experience.
Experience in vulnerability testing and auditing techniques
Hands on experience with scripting and proficiency in programming
Strong analytical and reasoning skills
A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services
A proven understanding of web application security and security architecture applying defence in depth
Able to use and interpret the results from software tools and security testing tooling such as NMap, Nessus, dig, MITM proxies, wireshark.
Can conduct penetration testing / vulnerability assessment on networks, applications within both traditional environments and cloud services, vulnerability assessment, web application testing for OWASP top 10 vulnerabilities.
Not essential, but nice to have
Computer Science degree, or equivalent experience.
Fluency in one or more of: Ruby, Python, or Go
Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
Experience in multiple programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
A comprehensive knowledge of Web application security
Experience in security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.) and its integration into the company systems.
Experience in cloud services such as GCP and AWS
Sound knowledge of the OWASP Top 10 and how they can be prevented
Knowledge of the latest industry threats
Experience of performing security design reviews, threat modelling and risk assessments
Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc.)
Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS
You should apply if:
You're passionate about security and technology
You care deeply about building reliable, well-tested and secure systems
You enjoy solving problems and automating responses for recurrent issues
You thrive in a culture of code review
You enjoy working in a diverse company that welcomes fresh thinking
Jun 12, 2019
Full time
We're looking for amazing security engineers to join our team and continue to build a secure GoCardless. We're operating in the dynamic environment of FinTech, so Security is something we take very seriously. We take this as an opportunity to create and implement state of the art measures to minimise exposures and vulnerabilities.
As an App Security engineer, you will play a key role in ensuring GoCardless teams are taking all required steps in building a secure product set including application penetration testing, threat modelling, design reviews, developing our internal tooling and procedures.
Whether you are engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead across business units. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' platform secure.
We work closely with our engineering teams whom are building simple and reliable solutions to complex problems. We keep our development cycles fast, by reviewing and adapting our plans frequently and by investing in a culture of continuous feedback.
We're primarily built in Ruby and JavaScript using Rails, and we rely on Postgres, ElasticSearch, GCP and Chef. However, we believe in using the best technologies for each task – we have used React where server rendering is needed, Go for our infrastructure, and Python for our data analysis.
What you'll do
Implement measures to secure and protect the GoCardless products and systems.
Perform design reviews and Threat modelling of GoCardless services and products
Perform vulnerability assessments and security testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces)
Providing subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle
Working with development teams for design, code reviews & education continually seeking to shift left
Participate in cross-team security initiatives
Contribute in the formulation of our security strategy
Drive the implementation and dissemination of security critical metrics.
Automating and continually improving our approaches through development of tooling and procedures
What you'll need
STEM degree or related field, or equivalent work experience.
Experience in vulnerability testing and auditing techniques
Hands on experience with scripting and proficiency in programming
Strong analytical and reasoning skills
A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services
A proven understanding of web application security and security architecture applying defence in depth
Able to use and interpret the results from software tools and security testing tooling such as NMap, Nessus, dig, MITM proxies, wireshark.
Can conduct penetration testing / vulnerability assessment on networks, applications within both traditional environments and cloud services, vulnerability assessment, web application testing for OWASP top 10 vulnerabilities.
Not essential, but nice to have
Computer Science degree, or equivalent experience.
Fluency in one or more of: Ruby, Python, or Go
Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
Experience in multiple programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
A comprehensive knowledge of Web application security
Experience in security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.) and its integration into the company systems.
Experience in cloud services such as GCP and AWS
Sound knowledge of the OWASP Top 10 and how they can be prevented
Knowledge of the latest industry threats
Experience of performing security design reviews, threat modelling and risk assessments
Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc.)
Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS
You should apply if:
You're passionate about security and technology
You care deeply about building reliable, well-tested and secure systems
You enjoy solving problems and automating responses for recurrent issues
You thrive in a culture of code review
You enjoy working in a diverse company that welcomes fresh thinking
Want to help us change the way the world moves money?
We build high tech services that allow people to send and receive money easily. Our customers are mostly migrants, sending money home to their families and friends in Africa, Asia and Latin America.
Today only 5% of the remittance market is online – with a large proportion of the industry operating through informal untracked networks. Yet online is predicted to grow to 60% in the next 5-6 years and WorldRemit is driving that shift.
By reducing costs and freeing up time we enable people to make the most of the opportunities that their new life abroad provides and help to release the billions of dollars lost in transferring money to the developing world. This money goes directly to those who need it.
Why do we care about money transfers so much?
Most of our customers are first or second generation migrants. They may be living and working far from their home but still manage to send money back to support their loved ones.
Large international wire transfer companies and banks have been taking advantage of people like this by charging preposterous fees and unfair rates.
With the World Bank estimating $575 billion annually flowing into developing countries - transforming the remittance industry could have a greater impact on international development than every single government aid program combined.
WorldRemit is using innovative technology and growing it’s a global network to make transferring money easier, fairer and more affordable.
How are we doing so far?
WorldRemit has grown at an average 50% year on year
We're now processing over £1.5bn of remittances on an annualised basis
The recently company went through its Series C financing and raised $40m, over $230m in total
The company currently employees over 600 employees and has offices in London, USA, Philippines, Poland, Australia, New Zealand, Canada, Japan, Hong Kong and other locations
Funded by VCs behind companies such as Airbnb, Spotify, Netflix and Facebook
Covering 140+ countries across the globe
The role
As Security Engineers, we are responsible for the overall security posture of Worldremit. The main goal is to investigate and understand our newest projects and technologies and give security guidance to ensure that they are as robust as possible.
You will have:
Strong knowledge of web and API security testing.
Experience with penetration testing of networks and infrastructure.
Review and design the Security Architecture of systems and products.
Ability to perform code and design reviews of internally developed applications.
Skills to automate your tasks (ideally using Python, Perl or Bash).
Develop security training for our software engineers.
Ensure that identified issues are prioritised and addressed in an appropriate timeframe.
Ability to translate the security risk and impact to other departments and stakeholders.
A proactive mindset.
You will be someone who:
Enjoy both breaking and building.
Willing to compromise when it's necessary and hold firm when it's essential.
Maintain a strong desire to build robust things (But also to break them!).
Is interested in sharing knowledge since we’re all in this together.
Has excellent communication skills.
Already pwn3d Gibson at some point.
Nice to haves
Security certifications (such as eWPT/X, OSCP, Crest CRT/CCT, CISSP, SANS. Avoid mentioning your CEH).
Any developing background experiences.
Knowledge on mobile application security testing.
Understand how agile development methodologies (Scrum, Kanban) work.
Knowledge about SOC / Incident & Response.
Familiarity with Jira, Splunk, AppSec Pipelines.
+2 years of professional experience.
Participation in the security community (CTFs, bug bounty, conferences, etc).
Jun 06, 2019
Full time
Want to help us change the way the world moves money?
We build high tech services that allow people to send and receive money easily. Our customers are mostly migrants, sending money home to their families and friends in Africa, Asia and Latin America.
Today only 5% of the remittance market is online – with a large proportion of the industry operating through informal untracked networks. Yet online is predicted to grow to 60% in the next 5-6 years and WorldRemit is driving that shift.
By reducing costs and freeing up time we enable people to make the most of the opportunities that their new life abroad provides and help to release the billions of dollars lost in transferring money to the developing world. This money goes directly to those who need it.
Why do we care about money transfers so much?
Most of our customers are first or second generation migrants. They may be living and working far from their home but still manage to send money back to support their loved ones.
Large international wire transfer companies and banks have been taking advantage of people like this by charging preposterous fees and unfair rates.
With the World Bank estimating $575 billion annually flowing into developing countries - transforming the remittance industry could have a greater impact on international development than every single government aid program combined.
WorldRemit is using innovative technology and growing it’s a global network to make transferring money easier, fairer and more affordable.
How are we doing so far?
WorldRemit has grown at an average 50% year on year
We're now processing over £1.5bn of remittances on an annualised basis
The recently company went through its Series C financing and raised $40m, over $230m in total
The company currently employees over 600 employees and has offices in London, USA, Philippines, Poland, Australia, New Zealand, Canada, Japan, Hong Kong and other locations
Funded by VCs behind companies such as Airbnb, Spotify, Netflix and Facebook
Covering 140+ countries across the globe
The role
As Security Engineers, we are responsible for the overall security posture of Worldremit. The main goal is to investigate and understand our newest projects and technologies and give security guidance to ensure that they are as robust as possible.
You will have:
Strong knowledge of web and API security testing.
Experience with penetration testing of networks and infrastructure.
Review and design the Security Architecture of systems and products.
Ability to perform code and design reviews of internally developed applications.
Skills to automate your tasks (ideally using Python, Perl or Bash).
Develop security training for our software engineers.
Ensure that identified issues are prioritised and addressed in an appropriate timeframe.
Ability to translate the security risk and impact to other departments and stakeholders.
A proactive mindset.
You will be someone who:
Enjoy both breaking and building.
Willing to compromise when it's necessary and hold firm when it's essential.
Maintain a strong desire to build robust things (But also to break them!).
Is interested in sharing knowledge since we’re all in this together.
Has excellent communication skills.
Already pwn3d Gibson at some point.
Nice to haves
Security certifications (such as eWPT/X, OSCP, Crest CRT/CCT, CISSP, SANS. Avoid mentioning your CEH).
Any developing background experiences.
Knowledge on mobile application security testing.
Understand how agile development methodologies (Scrum, Kanban) work.
Knowledge about SOC / Incident & Response.
Familiarity with Jira, Splunk, AppSec Pipelines.
+2 years of professional experience.
Participation in the security community (CTFs, bug bounty, conferences, etc).
About Us
Form3 is a disruptive fintech startup on a mission to make payments easier, faster and cheaper for fintechs, challenger banks, ecommerce gateways, card providers and traditional banks wanting to reinvent themselves. Our customers include everyone from FinTech, challenger banks, ecommerce gateways and card providers, through to older traditional banks that are trying to reinvent themselves.
What we're looking for
We’re looking for an experienced Information Security Officer to support our current Head of Information Security. A security specialist with strong working knowledge and understanding of information security frameworks (IS027001, ISAE3000/SOC2, SOC1, GPDR and PCI DSS), security operations and application security best practices. A versatile Security Officer, with experience working with public cloud, in particular AWS and the AWS security services. Particular exposure to developing, implementing, auditing and improving information security policies and procedures aligned to relevant industry frameworks/standards.
Your skills
Creating/maintaining an ISO27001 ISMS or PCI compliance project and operation.
Performing Business Impact Analysis, risk assessment and treatment.
Operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems.
Perform response analytics during and after an incident, determine root cause and proper mitigation of cyber security events.
To remain up to date with the latest threats and vulnerabilities to ensure operational tools and processes are up to date, introduce process improvements and ensure incident response plans are up to date and effectively tested.
Ensure that customer information and information systems are protected from unauthorised access / intrusion, use, disclosure, disruption, modification or destruction.
Perform periodic internal audits against policies and procedures to ensure conformance.
Participate and assist in external audit activities.
Perform periodic audit, review and contribute to the continuous improvement of IT security standards, processes and procedures.
Knowledge of various technologies and operating systems and their related security configuration, hardening and risks, ie Linux/Unix, Mac OS, Containers, Office 365, etc.
Deliver Information Security and awareness training programs.
Our Benefits
Competitive Salary
30 days holiday (plus Bank Holidays)
Flexible hours/Remote Working
Company Bonus Scheme
Pension Contribution
Team Events
An incredible team to work with
A strong and clear company culture
You’ll get the opportunity to be part of a rapidly scaling FinTech company, working alongside some of the brightest talents in tech and payments
Apr 04, 2019
Full time
About Us
Form3 is a disruptive fintech startup on a mission to make payments easier, faster and cheaper for fintechs, challenger banks, ecommerce gateways, card providers and traditional banks wanting to reinvent themselves. Our customers include everyone from FinTech, challenger banks, ecommerce gateways and card providers, through to older traditional banks that are trying to reinvent themselves.
What we're looking for
We’re looking for an experienced Information Security Officer to support our current Head of Information Security. A security specialist with strong working knowledge and understanding of information security frameworks (IS027001, ISAE3000/SOC2, SOC1, GPDR and PCI DSS), security operations and application security best practices. A versatile Security Officer, with experience working with public cloud, in particular AWS and the AWS security services. Particular exposure to developing, implementing, auditing and improving information security policies and procedures aligned to relevant industry frameworks/standards.
Your skills
Creating/maintaining an ISO27001 ISMS or PCI compliance project and operation.
Performing Business Impact Analysis, risk assessment and treatment.
Operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems.
Perform response analytics during and after an incident, determine root cause and proper mitigation of cyber security events.
To remain up to date with the latest threats and vulnerabilities to ensure operational tools and processes are up to date, introduce process improvements and ensure incident response plans are up to date and effectively tested.
Ensure that customer information and information systems are protected from unauthorised access / intrusion, use, disclosure, disruption, modification or destruction.
Perform periodic internal audits against policies and procedures to ensure conformance.
Participate and assist in external audit activities.
Perform periodic audit, review and contribute to the continuous improvement of IT security standards, processes and procedures.
Knowledge of various technologies and operating systems and their related security configuration, hardening and risks, ie Linux/Unix, Mac OS, Containers, Office 365, etc.
Deliver Information Security and awareness training programs.
Our Benefits
Competitive Salary
30 days holiday (plus Bank Holidays)
Flexible hours/Remote Working
Company Bonus Scheme
Pension Contribution
Team Events
An incredible team to work with
A strong and clear company culture
You’ll get the opportunity to be part of a rapidly scaling FinTech company, working alongside some of the brightest talents in tech and payments
Description
About The Role
SoFi is seeking an experienced Information Security professional to further its Application Security program. The ideal candidate comes with a strong background in offensive security and is able to implement scalable solutions to mitigate security threats.
As a member of the Information Security function, you will be part of a team of highly skilled engineers tuned-in to threat research and technical innovation. You will work closely with engineering teams and other business functions to tackle complex technical problems and build secure products.
At SoFi, you’ll become part of a new kind of finance company based around speed, transparency, and alignment with our members’ interests. Our goal is to be at the center of our members’ financial lives. We created student loan refinancing, addressing the biggest financial challenge of a new generation through a modern approach to lending and personal finance. We expanded into other types of loans, and then into insurance and wealth management with similarly inventive products and soon to be launched SoFi money a modern take on a checking or savings account. As the company has grown, we’ve been able to help more people with these tools. SoFi has achieved significant growth, with ambitious plans ahead, but to continue this growth we need great talent.
Responsibilities
Perform technical security assessments, pentests, code audits and design reviews
Develop solutions to scale security testing and enable engineering teams to identify security flaws pre-production
Act as advisor in the area of secure development and threat mitigation
Create and manage the bug bounty program
Demonstrate leadership through evangelizing security, identification of issues and driving resolution across corporate functions
Minimum qualifications
BS degree in Computer Science or related technical field or equivalent practical experience
2+ years of experience in application security testing
Strong knowledge of web application security design, threats and mitigations
Practical experience in security engineering, authentication standards (OAUTH, JWT, etc.) and applied cryptography
Develop and execute secure application development training exercises
Self-starter with strong interpersonal and communication skills
Preferred qualifications
Software development experience in Java, Javascript and interpreted languages (Perl, Python, etc)
Experience in mobile security design and assessment
Working knowledge of Amazon Web Services (AWS) security
Experience developing security tools
Benefits
Lunch Stipend, a fully stocked kitchen, and subsidized gym membership.
Competitive salary packages and bonuses.
A flexible vacation policy allows you to truly relax and reboot.
Comprehensive health, vision, dental, and life insurance as well as disability benefits.
100% of health, vision, and dental premiums paid by SoFI for employees and their dependents.
401(k) and education on retirement planning.
Tuition reimbursement on approved programs, up to $5,250 a year.
Monthly contribution to help you pay off your student loans.
Sep 20, 2018
Full time
Description
About The Role
SoFi is seeking an experienced Information Security professional to further its Application Security program. The ideal candidate comes with a strong background in offensive security and is able to implement scalable solutions to mitigate security threats.
As a member of the Information Security function, you will be part of a team of highly skilled engineers tuned-in to threat research and technical innovation. You will work closely with engineering teams and other business functions to tackle complex technical problems and build secure products.
At SoFi, you’ll become part of a new kind of finance company based around speed, transparency, and alignment with our members’ interests. Our goal is to be at the center of our members’ financial lives. We created student loan refinancing, addressing the biggest financial challenge of a new generation through a modern approach to lending and personal finance. We expanded into other types of loans, and then into insurance and wealth management with similarly inventive products and soon to be launched SoFi money a modern take on a checking or savings account. As the company has grown, we’ve been able to help more people with these tools. SoFi has achieved significant growth, with ambitious plans ahead, but to continue this growth we need great talent.
Responsibilities
Perform technical security assessments, pentests, code audits and design reviews
Develop solutions to scale security testing and enable engineering teams to identify security flaws pre-production
Act as advisor in the area of secure development and threat mitigation
Create and manage the bug bounty program
Demonstrate leadership through evangelizing security, identification of issues and driving resolution across corporate functions
Minimum qualifications
BS degree in Computer Science or related technical field or equivalent practical experience
2+ years of experience in application security testing
Strong knowledge of web application security design, threats and mitigations
Practical experience in security engineering, authentication standards (OAUTH, JWT, etc.) and applied cryptography
Develop and execute secure application development training exercises
Self-starter with strong interpersonal and communication skills
Preferred qualifications
Software development experience in Java, Javascript and interpreted languages (Perl, Python, etc)
Experience in mobile security design and assessment
Working knowledge of Amazon Web Services (AWS) security
Experience developing security tools
Benefits
Lunch Stipend, a fully stocked kitchen, and subsidized gym membership.
Competitive salary packages and bonuses.
A flexible vacation policy allows you to truly relax and reboot.
Comprehensive health, vision, dental, and life insurance as well as disability benefits.
100% of health, vision, and dental premiums paid by SoFI for employees and their dependents.
401(k) and education on retirement planning.
Tuition reimbursement on approved programs, up to $5,250 a year.
Monthly contribution to help you pay off your student loans.
Robinhood is democratizing access to America’s financial system. Our platform offers commission-free investing in U.S. stocks, ETFs, options, and cryptocurrencies. Robinhood Financial, our broker-dealer, is the fastest-growing brokerage ever, with over four million users and billions of dollars in transaction volume. Robinhood has received the Apple Design Award, the Google Material Design Award, and was named Fast Company’s 11th Most Innovative Company in the World.
We’re backed with $539 million in capital from top-tier investors such as DST Global, NEA, Index Ventures, Thrive Capital, Sequoia, and KPCB, and valued at $5.6 billion. Robinhood is based in Menlo Park, California with a regional office in Lake Mary, Florida.
About the Role
The Securities Lending Operations Manager will be responsible for designing and executing Robinhood Securities’ Securities Lending back office function, so it scales to support Robinhood’s ambitious growth plans for Securities Lending. The candidate will design, implement, iterate on, and oversee our securities lending back-office areas: new account onboarding, securities lending trade processing and settlements, buy ins, recalls, call-backs, fully paid program (tracking, compliance, payment) and regulatory reporting. The candidate will also oversee processes including operational issues, new strategy implementation and product offerings. They will be responsible for managing regulatory risk and for compliance with Firm policy, SEC rules, and FINRA regulations. The candidate will also work cross-functionally to champion a compliant culture and business.
As a Securities Lending Operations Manager you'll:
Design and test operational procedures and processes for all aspects of Securities Lending including the fully paid program.
Adhere to and remain compliant with Robinhood Securities’ back office related Written Supervisory Procedures.
Lead the operations team in processing Robinhood Securities’ regulatory inquiries, reporting and audits.
Manage and resolve escalated issues from trading and operations.
Liaise with compliance, trading, and business management to ensure strategies are implemented and objectives are met.
Coordinate operations team roles and responsibilities with the business.
Review workflow process, develop strategy and employ tactics for the day to day operations of the back office.
Some things we consider critical for the role:
Ability to learn quickly, think critically and apply problem-solving skills to resolve issues and implement process improvements.
Trustworthy, self-motivated and able to thrive in an entrepreneurial environment.
Great communication and relationship management skills.
A passion for Robinhood’s product and our mission to democratize access to America’s Financial System.
Bachelor’s degree from an accredited institution.
FINRA Series 7 or 99.
5+ years working in Securities lending back office operations.
Experience working with regulators and/or completing an SRO audit.
Sep 19, 2018
Full time
Robinhood is democratizing access to America’s financial system. Our platform offers commission-free investing in U.S. stocks, ETFs, options, and cryptocurrencies. Robinhood Financial, our broker-dealer, is the fastest-growing brokerage ever, with over four million users and billions of dollars in transaction volume. Robinhood has received the Apple Design Award, the Google Material Design Award, and was named Fast Company’s 11th Most Innovative Company in the World.
We’re backed with $539 million in capital from top-tier investors such as DST Global, NEA, Index Ventures, Thrive Capital, Sequoia, and KPCB, and valued at $5.6 billion. Robinhood is based in Menlo Park, California with a regional office in Lake Mary, Florida.
About the Role
The Securities Lending Operations Manager will be responsible for designing and executing Robinhood Securities’ Securities Lending back office function, so it scales to support Robinhood’s ambitious growth plans for Securities Lending. The candidate will design, implement, iterate on, and oversee our securities lending back-office areas: new account onboarding, securities lending trade processing and settlements, buy ins, recalls, call-backs, fully paid program (tracking, compliance, payment) and regulatory reporting. The candidate will also oversee processes including operational issues, new strategy implementation and product offerings. They will be responsible for managing regulatory risk and for compliance with Firm policy, SEC rules, and FINRA regulations. The candidate will also work cross-functionally to champion a compliant culture and business.
As a Securities Lending Operations Manager you'll:
Design and test operational procedures and processes for all aspects of Securities Lending including the fully paid program.
Adhere to and remain compliant with Robinhood Securities’ back office related Written Supervisory Procedures.
Lead the operations team in processing Robinhood Securities’ regulatory inquiries, reporting and audits.
Manage and resolve escalated issues from trading and operations.
Liaise with compliance, trading, and business management to ensure strategies are implemented and objectives are met.
Coordinate operations team roles and responsibilities with the business.
Review workflow process, develop strategy and employ tactics for the day to day operations of the back office.
Some things we consider critical for the role:
Ability to learn quickly, think critically and apply problem-solving skills to resolve issues and implement process improvements.
Trustworthy, self-motivated and able to thrive in an entrepreneurial environment.
Great communication and relationship management skills.
A passion for Robinhood’s product and our mission to democratize access to America’s Financial System.
Bachelor’s degree from an accredited institution.
FINRA Series 7 or 99.
5+ years working in Securities lending back office operations.
Experience working with regulators and/or completing an SRO audit.
Robinhood is changing the way America invests. We believe our financial system should work for everyone and not just a few. We offer commission-free trading for stocks, ETFs, options, and cryptocurrencies—all in one, user-friendly platform. Since our public launch in 2015, we’ve enabled millions of people to participate in the markets, cementing us as the fastest-growing brokerage ever.
About the Role
We are looking for a Software Engineer to work within our Security Engineering team to build tools and services that secure our platform and our users. As a Software Security Engineer, you will be responsible for building services that protect our users from attacks such as account takeover, phishing, and other such common attacks. You will also work with the backend engineering team to build out microservices that our APIs can interact with for central services such as authentication, authorization, and risk monitoring. You will be critical in further developing our user trust and safety infrastructure to ensure that our users’ data and information is protected using the best mechanisms available. You will work with our data science team to understand risk and attack patterns to build threat intelligence tools to help predict potential attacks against the platform and defend against these patterns as well.
As a Software Security Engineer you will:
Build microservices for core infrastructure such as authentication
Work with the product and backend engineering teams to build a user trust and safety product
Work with the security team to fix any security bugs that are identified
Work with the data science team to use patterns of suspicious activity to proactively build tools to prevent such activity.
Some things we consider critical to being a Software Security Engineer :
5+ years of experience in Software Engineering
Familiarity with AWS or other cloud systems
Familiarity with Docker, Kubernetes, or other container based systems.
Proficiency in Python, or similar dynamic programming language.
Proficiency in SQL and SQL-like databases
Experience building standalone APIs that can be consumed by various types of clients
Experience working with Security, DevOps, and Incident Response teams.
Nice to haves:
Experience with deployment tools such as SaltStack, Ansible, etc.
Experience with web frameworks (EmberJS, ReactJS, etc.)
Experience with data warehousing and data analysis
Experience in Finance and portfolio trading.
Sep 19, 2018
Full time
Robinhood is changing the way America invests. We believe our financial system should work for everyone and not just a few. We offer commission-free trading for stocks, ETFs, options, and cryptocurrencies—all in one, user-friendly platform. Since our public launch in 2015, we’ve enabled millions of people to participate in the markets, cementing us as the fastest-growing brokerage ever.
About the Role
We are looking for a Software Engineer to work within our Security Engineering team to build tools and services that secure our platform and our users. As a Software Security Engineer, you will be responsible for building services that protect our users from attacks such as account takeover, phishing, and other such common attacks. You will also work with the backend engineering team to build out microservices that our APIs can interact with for central services such as authentication, authorization, and risk monitoring. You will be critical in further developing our user trust and safety infrastructure to ensure that our users’ data and information is protected using the best mechanisms available. You will work with our data science team to understand risk and attack patterns to build threat intelligence tools to help predict potential attacks against the platform and defend against these patterns as well.
As a Software Security Engineer you will:
Build microservices for core infrastructure such as authentication
Work with the product and backend engineering teams to build a user trust and safety product
Work with the security team to fix any security bugs that are identified
Work with the data science team to use patterns of suspicious activity to proactively build tools to prevent such activity.
Some things we consider critical to being a Software Security Engineer :
5+ years of experience in Software Engineering
Familiarity with AWS or other cloud systems
Familiarity with Docker, Kubernetes, or other container based systems.
Proficiency in Python, or similar dynamic programming language.
Proficiency in SQL and SQL-like databases
Experience building standalone APIs that can be consumed by various types of clients
Experience working with Security, DevOps, and Incident Response teams.
Nice to haves:
Experience with deployment tools such as SaltStack, Ansible, etc.
Experience with web frameworks (EmberJS, ReactJS, etc.)
Experience with data warehousing and data analysis
Experience in Finance and portfolio trading.
We are looking for Security Engineers who are security subject matter experts and can be primary points of contact for our developers. You will solve security challenges by working directly with fellow engineers, balancing product developments against security risk solutions that allow us to deliver product quickly and securely.
We also think it is very important to provide this knowledge and insight to our customers as well. So along with making sure that our internal systems are healthy and secure, you would also be expected to democratize that learning to our customers. This is a good summary of what we are trying to accomplish with this role: https://medium.com/synapsefi/security-as-a-service-c5c71c8f47d 0.
In order to be successful at Synapse, you should have:
A drive to help democratize best in class financial products
An ability to work independently within a small, fast-paced team
An entrepreneurial spirit and unrelenting passion to deliver the best service possible
The ability to implement feedback, learn quickly, and contribute new ideas
A general concern for the wellbeing of others and the desire to work on problems that maximize a positive future for humanity
Key Qualifications:
Strong understanding of OWASP Top 10
Familiarity with testing tools like Burp Suite
Deep knowledge of HTTP and other basic web protocols
Minimum two years of work experience
Perks:
Growth Potential
Competitive Salary
Insurance (Health // Dental // Vision)
401(k)
Temporary Housing (for those relocating to San Francisco)
Catered lunch and commuter benefits
Compensation:
$70K - $90K
0.0% - 0.007%
We are looking for top notch individuals who are seeking a challenge. Our company is growing quickly. This is an exciting time to join our team. If you are interested in adding value to our team, please apply and we will be in touch.
Sep 11, 2018
Full time
We are looking for Security Engineers who are security subject matter experts and can be primary points of contact for our developers. You will solve security challenges by working directly with fellow engineers, balancing product developments against security risk solutions that allow us to deliver product quickly and securely.
We also think it is very important to provide this knowledge and insight to our customers as well. So along with making sure that our internal systems are healthy and secure, you would also be expected to democratize that learning to our customers. This is a good summary of what we are trying to accomplish with this role: https://medium.com/synapsefi/security-as-a-service-c5c71c8f47d 0.
In order to be successful at Synapse, you should have:
A drive to help democratize best in class financial products
An ability to work independently within a small, fast-paced team
An entrepreneurial spirit and unrelenting passion to deliver the best service possible
The ability to implement feedback, learn quickly, and contribute new ideas
A general concern for the wellbeing of others and the desire to work on problems that maximize a positive future for humanity
Key Qualifications:
Strong understanding of OWASP Top 10
Familiarity with testing tools like Burp Suite
Deep knowledge of HTTP and other basic web protocols
Minimum two years of work experience
Perks:
Growth Potential
Competitive Salary
Insurance (Health // Dental // Vision)
401(k)
Temporary Housing (for those relocating to San Francisco)
Catered lunch and commuter benefits
Compensation:
$70K - $90K
0.0% - 0.007%
We are looking for top notch individuals who are seeking a challenge. Our company is growing quickly. This is an exciting time to join our team. If you are interested in adding value to our team, please apply and we will be in touch.
DESCRIPTION
About Monese
At Monese we believe that access to banking and financial services is a right that everybody should enjoy. We are on a mission to ensure that anyone in the world who needs a bank account can get one. By using leading edge technology via smartphones, we offer services that are easy to access, simple to use and cheap to run for anybody.
The first Monese product already serves hundreds of thousands of customers in the UK and Europe, and we are adding new services on a regular basis.
Our fast-growing team is located in London, UK, Tallinn, Estonia and Lisbon, Portugal. By working with us, you will be part of a carefully selected team who are great at what they do and share the belief in our mission of making banking available to everybody. We’re not just a start-up with an idea; we have a proven business model that is growing exponentially and generates strong revenues.
Job Description
As IT Security Engineer at Monese you will be responsible for protecting the organisation’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. You will be required to evaluate and identify any potential Security Threats to the business and to ensure the proper and robust risk mitigation systems are in place.
You will also ensure the appropriate Information and Cyber Security controls are effectively implemented and managed. You will be relied upon for carrying out good practice and behaviours in all the teams and informing Head of Internal IT where and when improvements need to be made.
Role responsibilities:
Provide guidance and assist business stakeholders with (IT) Governance and Information Security enterprise.
Manage security audits and report audit issues.
Educate and support the team leads on all IS matters.
Contribute to the future Information Security & Governance strategy Accountable for ISO 27001 ISMS maintenance and related activities.
Manage and maintain Information Security Audit program and Risk Event Register.
Ensure Monese is compliant with the GPDR legislation that must be enforced and of relevance to the appropriate running of Monese.
Audit and manage any reported breaches from the security auditor(s) and ensure the escalation of these reports according to the organisation’s policies.
Providing reporting on a monthly/bi-monthly/quarterly basis for the key stakeholders detailing any breaches.
Ensuring that all IT services are reliable and secure.
Proactively improving services security and quality.
Cooperating with Internal IT, software and quality engineers to ensure that all teams are on the same page with regards to IS.
REQUIREMENTS
Strong background and proven track record in IT (IT support, System Administration, Software Development)
3+ years of experience in IT security
Ideally IT Security / Computer Science related degree or certification
Have strong knowledge of IT systems, processes and controls
Understanding of Database, Networking and Systems
Experience with Antivirus software and web proxy management
Governance, Risk and Compliance (GRC) – Including ISO 27001, GDPR
Understanding of applicable UK law and regulations in relation to IT Security
Aware of current developments in IT security
A thorough understanding of information security principles
Strong analytical skills
Ability to prioritise tasks, communicate effectively and recognise the value of collaboration between team members
BENEFITS
Benefits of working at Monese:
Opportunities to progress in your career, being an essential part of a growing team and processes
An opportunity for independent and self-reliant work
Knowing your contributions matter on every level in making our product the best it can be
International team and fun office environment with plenty of perks
An incredible team of open-minded people dedicated to creating the best banking product yet
Stock options.
Sep 10, 2018
Full time
DESCRIPTION
About Monese
At Monese we believe that access to banking and financial services is a right that everybody should enjoy. We are on a mission to ensure that anyone in the world who needs a bank account can get one. By using leading edge technology via smartphones, we offer services that are easy to access, simple to use and cheap to run for anybody.
The first Monese product already serves hundreds of thousands of customers in the UK and Europe, and we are adding new services on a regular basis.
Our fast-growing team is located in London, UK, Tallinn, Estonia and Lisbon, Portugal. By working with us, you will be part of a carefully selected team who are great at what they do and share the belief in our mission of making banking available to everybody. We’re not just a start-up with an idea; we have a proven business model that is growing exponentially and generates strong revenues.
Job Description
As IT Security Engineer at Monese you will be responsible for protecting the organisation’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. You will be required to evaluate and identify any potential Security Threats to the business and to ensure the proper and robust risk mitigation systems are in place.
You will also ensure the appropriate Information and Cyber Security controls are effectively implemented and managed. You will be relied upon for carrying out good practice and behaviours in all the teams and informing Head of Internal IT where and when improvements need to be made.
Role responsibilities:
Provide guidance and assist business stakeholders with (IT) Governance and Information Security enterprise.
Manage security audits and report audit issues.
Educate and support the team leads on all IS matters.
Contribute to the future Information Security & Governance strategy Accountable for ISO 27001 ISMS maintenance and related activities.
Manage and maintain Information Security Audit program and Risk Event Register.
Ensure Monese is compliant with the GPDR legislation that must be enforced and of relevance to the appropriate running of Monese.
Audit and manage any reported breaches from the security auditor(s) and ensure the escalation of these reports according to the organisation’s policies.
Providing reporting on a monthly/bi-monthly/quarterly basis for the key stakeholders detailing any breaches.
Ensuring that all IT services are reliable and secure.
Proactively improving services security and quality.
Cooperating with Internal IT, software and quality engineers to ensure that all teams are on the same page with regards to IS.
REQUIREMENTS
Strong background and proven track record in IT (IT support, System Administration, Software Development)
3+ years of experience in IT security
Ideally IT Security / Computer Science related degree or certification
Have strong knowledge of IT systems, processes and controls
Understanding of Database, Networking and Systems
Experience with Antivirus software and web proxy management
Governance, Risk and Compliance (GRC) – Including ISO 27001, GDPR
Understanding of applicable UK law and regulations in relation to IT Security
Aware of current developments in IT security
A thorough understanding of information security principles
Strong analytical skills
Ability to prioritise tasks, communicate effectively and recognise the value of collaboration between team members
BENEFITS
Benefits of working at Monese:
Opportunities to progress in your career, being an essential part of a growing team and processes
An opportunity for independent and self-reliant work
Knowing your contributions matter on every level in making our product the best it can be
International team and fun office environment with plenty of perks
An incredible team of open-minded people dedicated to creating the best banking product yet
Stock options.
At Symphony, we’re on a mission to help people communicate, collaborate and enjoy their work. Our secure messaging and meetings platform is changing the way people do business in information sensitive industries. Our customers are fast-paced, and rely on Symphony to keep up, while ensuring complete data privacy and information security.
We are seeking a passionate and experienced Information Security Analyst to augment our efforts in Vulnerability Management, including protection and understanding of risk in relation to business information assets and, building systems that are compliant & meet global security standards. This role reports to the Director of Infrastructure Security and helps protect the confidentiality, integrity and availability of information assets with a critical focus on Symphony’s vulnerability management program.
RESPONSIBILITIES:
Triage & Analyze reports from Symphony’s Bug Bounty Program and other external or internal sources, take appropriate action and respond to maintain Symphony’s level of security
Reproduce reported application vulnerabilities
Collaborate with colleagues at all levels of the organization, across all business and technology functions, in order to advance and support the vulnerability management program
Track, triage and schedule component vulnerabilities used across IT and Cloud infrastructures
Analyze, identify improvements, and optimize Symphony’s vulnerability management processes
Cross-train with team members on all other Infrastructure Security Tools such as SIEM, Firewall, monitoring tools
REQUIRED QUALIFICATIONS:
5-6 years’ relevant experience focused on vulnerability management for web applications
CISSP or relevant SANS certification
Proven experience of combined security and\or IT work experience in a position focused primarily on application security
Knowledge of Information Security standards and secure coding best practices
Experience with conducting network, operation system, database and/or vulnerability assessments and security configuration/hardening audits
Knowledge of Static and Dynamic Analysis tools (SAST/DAST) such as Veracode, Checkmarx, SonarQube, OWASP ZAP
Excellent Verbal and Written Communication Skills
Nice to have:
Java development background
Python and/or other scripting abilities
CEH or OSCP certification
ABOUT SYMPHONY:
Symphony transforms the way users communicate effectively and securely with a single workflow application. Forging a new path in the industry, Symphony is designed to help individuals, teams and organizations of all sizes improve productivity, while meeting complex data security and regulatory compliance needs. Symphony was founded in October 2014 and is headquartered in Palo Alto, CA, with offices in New York, Hong Kong, Singapore, Tokyo, Stockholm, Sophia-Antipolis and London.
Symphony has raised roughly $300 million from the world’s largest financial institutions and recognized investors such as Bank of America - Merrill Lynch, Barclays, BNP Paribas, Citibank, Goldman Sachs, JP Morgan Chase, BlackRock, Credit Suisse, Deutsche Bank, HSBC, Wells Fargo, UBS, Société Générale as well as Google.
We’re looking for top-notch talent to join our team to help us change the way the world communicates. If you have the skills and savvy to work with a world-class team and an appetite for game-changing disruption, we want to hear from you!
BENEFITS AND PERKS*:
Medical, dental, and vision coverage
401(K) plan
Life and AD&D coverage
Short-term and long-term disability coverage
Employee assistance program
Flexible spending account benefits
Unlimited vacation and sick time
Fully stocked kitchen and catered or reimbursed lunches
Discounted gym memberships
Many other fun and exciting benefits and activities!
COMPENSATION:
Competitive salary
Bonus Plan
Equity
*Benefits and Perks vary based on location.
Symphony reserves the right of ownership for all unsolicited resumes submitted for this requisition and is not responsible for any fees associated with unsolicited resumes. Symphony is an Equal Opportunity Employer. Symphony participates in E-Verify.
Any offer of employment is conditioned upon the completion of an I-9 form and submission of the appropriate documents for identity and work authorization.
Sep 07, 2018
Full time
At Symphony, we’re on a mission to help people communicate, collaborate and enjoy their work. Our secure messaging and meetings platform is changing the way people do business in information sensitive industries. Our customers are fast-paced, and rely on Symphony to keep up, while ensuring complete data privacy and information security.
We are seeking a passionate and experienced Information Security Analyst to augment our efforts in Vulnerability Management, including protection and understanding of risk in relation to business information assets and, building systems that are compliant & meet global security standards. This role reports to the Director of Infrastructure Security and helps protect the confidentiality, integrity and availability of information assets with a critical focus on Symphony’s vulnerability management program.
RESPONSIBILITIES:
Triage & Analyze reports from Symphony’s Bug Bounty Program and other external or internal sources, take appropriate action and respond to maintain Symphony’s level of security
Reproduce reported application vulnerabilities
Collaborate with colleagues at all levels of the organization, across all business and technology functions, in order to advance and support the vulnerability management program
Track, triage and schedule component vulnerabilities used across IT and Cloud infrastructures
Analyze, identify improvements, and optimize Symphony’s vulnerability management processes
Cross-train with team members on all other Infrastructure Security Tools such as SIEM, Firewall, monitoring tools
REQUIRED QUALIFICATIONS:
5-6 years’ relevant experience focused on vulnerability management for web applications
CISSP or relevant SANS certification
Proven experience of combined security and\or IT work experience in a position focused primarily on application security
Knowledge of Information Security standards and secure coding best practices
Experience with conducting network, operation system, database and/or vulnerability assessments and security configuration/hardening audits
Knowledge of Static and Dynamic Analysis tools (SAST/DAST) such as Veracode, Checkmarx, SonarQube, OWASP ZAP
Excellent Verbal and Written Communication Skills
Nice to have:
Java development background
Python and/or other scripting abilities
CEH or OSCP certification
ABOUT SYMPHONY:
Symphony transforms the way users communicate effectively and securely with a single workflow application. Forging a new path in the industry, Symphony is designed to help individuals, teams and organizations of all sizes improve productivity, while meeting complex data security and regulatory compliance needs. Symphony was founded in October 2014 and is headquartered in Palo Alto, CA, with offices in New York, Hong Kong, Singapore, Tokyo, Stockholm, Sophia-Antipolis and London.
Symphony has raised roughly $300 million from the world’s largest financial institutions and recognized investors such as Bank of America - Merrill Lynch, Barclays, BNP Paribas, Citibank, Goldman Sachs, JP Morgan Chase, BlackRock, Credit Suisse, Deutsche Bank, HSBC, Wells Fargo, UBS, Société Générale as well as Google.
We’re looking for top-notch talent to join our team to help us change the way the world communicates. If you have the skills and savvy to work with a world-class team and an appetite for game-changing disruption, we want to hear from you!
BENEFITS AND PERKS*:
Medical, dental, and vision coverage
401(K) plan
Life and AD&D coverage
Short-term and long-term disability coverage
Employee assistance program
Flexible spending account benefits
Unlimited vacation and sick time
Fully stocked kitchen and catered or reimbursed lunches
Discounted gym memberships
Many other fun and exciting benefits and activities!
COMPENSATION:
Competitive salary
Bonus Plan
Equity
*Benefits and Perks vary based on location.
Symphony reserves the right of ownership for all unsolicited resumes submitted for this requisition and is not responsible for any fees associated with unsolicited resumes. Symphony is an Equal Opportunity Employer. Symphony participates in E-Verify.
Any offer of employment is conditioned upon the completion of an I-9 form and submission of the appropriate documents for identity and work authorization.
Technical Project Manager, Security will work with cross functional teams to lead complex technical security projects that ensure the protection of data, assets, and employees.
WHAT YOU’LL DO:
Own the lifecycle of technical security projects
Coordinate with cross functional teams, and vendors to define and manage project scope, schedule, and overall plans
Collaborate with operations, engineering, security, and other internal teams to identify, understand, and address their needs with technical security solutions
Maintain documentation throughout project lifecycle and prepare reports for security leadership and other key stakeholders
WHAT WE ARE LOOKING FOR:
Bachelor's degree or equivalent experience in a related field (project management, information security, etc.)
3+ years of project management experience in a corporate or startup environment with technology background
Security or project management certifications (i.e. CISSP, PMP) certifications preferred
Proven ability to work creatively and analytically in a high growth fast paced environment preferred
Highly organized, with solid time management skills and acute attention to detail preferred
WHO WE ARE:
Ripple provides one frictionless experience to send money globally using the power of blockchain. By joining Ripple’s growing, global network, financial institutions can process their customers’ payments anywhere in the world instantly, reliably and cost-effectively. Banks and payment providers can use the digital asset XRP to further reduce their costs and access new markets.
With offices in San Francisco, New York, London, Sydney, Mumbai, Singapore and Luxembourg, Ripple has more than 100 customers around the world.
Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.
Sep 05, 2018
Full time
Technical Project Manager, Security will work with cross functional teams to lead complex technical security projects that ensure the protection of data, assets, and employees.
WHAT YOU’LL DO:
Own the lifecycle of technical security projects
Coordinate with cross functional teams, and vendors to define and manage project scope, schedule, and overall plans
Collaborate with operations, engineering, security, and other internal teams to identify, understand, and address their needs with technical security solutions
Maintain documentation throughout project lifecycle and prepare reports for security leadership and other key stakeholders
WHAT WE ARE LOOKING FOR:
Bachelor's degree or equivalent experience in a related field (project management, information security, etc.)
3+ years of project management experience in a corporate or startup environment with technology background
Security or project management certifications (i.e. CISSP, PMP) certifications preferred
Proven ability to work creatively and analytically in a high growth fast paced environment preferred
Highly organized, with solid time management skills and acute attention to detail preferred
WHO WE ARE:
Ripple provides one frictionless experience to send money globally using the power of blockchain. By joining Ripple’s growing, global network, financial institutions can process their customers’ payments anywhere in the world instantly, reliably and cost-effectively. Banks and payment providers can use the digital asset XRP to further reduce their costs and access new markets.
With offices in San Francisco, New York, London, Sydney, Mumbai, Singapore and Luxembourg, Ripple has more than 100 customers around the world.
Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.
At Plaid, we believe that the way consumers and businesses interact with their finances will drastically improve in the next few years. Our goal is to build the tools and infrastructure for developers to create this next generation of financial services applications. Today, hundreds of companies such as Robinhood, Stripe, and Venmo rely on Plaid to integrate with banks and the financial system.
With this work comes the crucial responsibility of protecting our developers and their end-users from malicious actors. We were the first to release account number tokenization through our partnership with Stripe, first to create end-to-end tokenization of consumer financial data, and first to write the spec that several Fortune 50 banks are now implementing to permission consumer and business financial data. At Plaid, security is a critical part of everything that we do, not just something to be scared of.
What excites you
Implementing tools for security monitoring, audit trail collection, event correlation, fraud mitigation and related security needs
Triaging and patching vulnerabilities across Plaid's cloud instances
Providing education and guidance on security topics across the Plaid team
Working with DevOps to ensure that environments are consistent with security controls
Handling various security processes and applications including scanning, host inventorying and code inspection tools
Managing VPN, firewall, SSO/federated identity and other critical operational infrastructure
Working in conjunction with Techops to manage security related MDM activities including endpoint patch management and auditing
Being responsible for external messaging of security processes and systems, and keeping up-to-date with industry developments
What excites us
Ability to code and script to automate common activities and effectively implement various security tools
Experience with log aggregation and correlation tools
Experience evaluating and rolling out security related patches and configuration changes
Experience managing VPN devices and configurations
Experience working with SSO/federated identity solutions
Experience handling security events as they happen
Bonus
Production software engineering experience and mastery of at least one language
Experience doing security operations in a cloud environment, particularly AWS
Experience communicating security policies to 3rd parties in compliance and security review settings
Incident Response experience
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Aug 02, 2018
Full time
At Plaid, we believe that the way consumers and businesses interact with their finances will drastically improve in the next few years. Our goal is to build the tools and infrastructure for developers to create this next generation of financial services applications. Today, hundreds of companies such as Robinhood, Stripe, and Venmo rely on Plaid to integrate with banks and the financial system.
With this work comes the crucial responsibility of protecting our developers and their end-users from malicious actors. We were the first to release account number tokenization through our partnership with Stripe, first to create end-to-end tokenization of consumer financial data, and first to write the spec that several Fortune 50 banks are now implementing to permission consumer and business financial data. At Plaid, security is a critical part of everything that we do, not just something to be scared of.
What excites you
Implementing tools for security monitoring, audit trail collection, event correlation, fraud mitigation and related security needs
Triaging and patching vulnerabilities across Plaid's cloud instances
Providing education and guidance on security topics across the Plaid team
Working with DevOps to ensure that environments are consistent with security controls
Handling various security processes and applications including scanning, host inventorying and code inspection tools
Managing VPN, firewall, SSO/federated identity and other critical operational infrastructure
Working in conjunction with Techops to manage security related MDM activities including endpoint patch management and auditing
Being responsible for external messaging of security processes and systems, and keeping up-to-date with industry developments
What excites us
Ability to code and script to automate common activities and effectively implement various security tools
Experience with log aggregation and correlation tools
Experience evaluating and rolling out security related patches and configuration changes
Experience managing VPN devices and configurations
Experience working with SSO/federated identity solutions
Experience handling security events as they happen
Bonus
Production software engineering experience and mastery of at least one language
Experience doing security operations in a cloud environment, particularly AWS
Experience communicating security policies to 3rd parties in compliance and security review settings
Incident Response experience
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Digital Reasoning is seeking a Security Engineer for our Infrastructure Operations team. We're looking for a bright, ambitious, and highly capable person to drive the information security initiatives across our fast-paced organization and work with advanced technologies.
What you’d be responsible for
Perform daily system monitoring, verifying the integrity and availability of all systems and key processes, reviewing system and application logs for security related events.
Utilize and configure infrastructure monitoring and reporting tools.
Develops and manages security policy and procedure for business units across the enterprise to prevent malicious attacks from compromising company systems and information.
Management of automated and human Penetration Testing and Vulnerability Scanning cadence, including enforcement of remediation of findings with Product Management
Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines).
Responsible for the configuration and management of antivirus, IDS/IPS,reputation, system integrity monitoring, and for the tracking and monitoring of software virus and malware incidents.
Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls.
Maintains and monitors the company’s firewall and ensures utilization of encryption methods.
Provide input into, and regular updates on, RFP responses and customer-facing architecture and security collateral
Provides direct support to the business and IT staff for security-related issues.
Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
Current technology stack includes OSX, Linux, AWS, Cisco/Meraki, Hadoop, ElasticSearch Python, Django, MySQL, Angular, Git
Performs other related duties as assigned.
Traits we’d love to see
HIPAA and HiTRUST experience
Ability to work on multiple tasks, prioritizing and organizing these tasks to maximize productivity
Self-starter with strong communication skills
Ability to work independently as well as in a team
Eagerness to tackle problems outside your core competencies and learn new technologies as required
BS or MS in Computer Science, Information Systems or demonstrated industry hands-on experience
Minimum 5 years of hands on security experience
Experience in securing server and network environments for modern web applications and services
Experience with Linux servers in virtualized environments
Knowledge of common information security management frameworks
Strong background in security operations, processes, solutions and technologies
Strong understanding of policy, compliance, and best practice security principles
Familiarity with docker or other containerization technologies
Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy
Experience with enterprise risk assessment methodologies
Knowledge of security domains such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Centralized Security Event Logging, Advanced Threat Protection, Forensics tools, End Point Security Clients.
Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks.
CISSP, GPEN, CEH or other relevant Information Security certifications are a plus
Jul 24, 2018
Full time
Digital Reasoning is seeking a Security Engineer for our Infrastructure Operations team. We're looking for a bright, ambitious, and highly capable person to drive the information security initiatives across our fast-paced organization and work with advanced technologies.
What you’d be responsible for
Perform daily system monitoring, verifying the integrity and availability of all systems and key processes, reviewing system and application logs for security related events.
Utilize and configure infrastructure monitoring and reporting tools.
Develops and manages security policy and procedure for business units across the enterprise to prevent malicious attacks from compromising company systems and information.
Management of automated and human Penetration Testing and Vulnerability Scanning cadence, including enforcement of remediation of findings with Product Management
Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines).
Responsible for the configuration and management of antivirus, IDS/IPS,reputation, system integrity monitoring, and for the tracking and monitoring of software virus and malware incidents.
Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls.
Maintains and monitors the company’s firewall and ensures utilization of encryption methods.
Provide input into, and regular updates on, RFP responses and customer-facing architecture and security collateral
Provides direct support to the business and IT staff for security-related issues.
Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
Current technology stack includes OSX, Linux, AWS, Cisco/Meraki, Hadoop, ElasticSearch Python, Django, MySQL, Angular, Git
Performs other related duties as assigned.
Traits we’d love to see
HIPAA and HiTRUST experience
Ability to work on multiple tasks, prioritizing and organizing these tasks to maximize productivity
Self-starter with strong communication skills
Ability to work independently as well as in a team
Eagerness to tackle problems outside your core competencies and learn new technologies as required
BS or MS in Computer Science, Information Systems or demonstrated industry hands-on experience
Minimum 5 years of hands on security experience
Experience in securing server and network environments for modern web applications and services
Experience with Linux servers in virtualized environments
Knowledge of common information security management frameworks
Strong background in security operations, processes, solutions and technologies
Strong understanding of policy, compliance, and best practice security principles
Familiarity with docker or other containerization technologies
Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy
Experience with enterprise risk assessment methodologies
Knowledge of security domains such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Centralized Security Event Logging, Advanced Threat Protection, Forensics tools, End Point Security Clients.
Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks.
CISSP, GPEN, CEH or other relevant Information Security certifications are a plus
As a Principal Security Engineer at Kensho, you are a thoughtful, collaborative, and dynamic technologist who loves ensuring security across a number of systems and web applications. You think deeply about the implications, relationships, edge cases, and failure modes, and you are passionate about correctness, security, and writing the next thing, so you aren't spending time maintaining older projects.
Are you a prolific, intellectually curious technologist who appreciates code, math, and security? We are on a mission to clarify complex data through scientific, statistical, analytical, computational, and inspired study. By transforming the data, we are able to bring transparency to some of the most important issues on the planet. You will be joining a team of veterans from Google, Twitter, and Facebook, as well as academia.
What You'll Do:
Evaluate and strengthen Kensho’s security systems and processes across all products and teams by building a scalable process to ensure the security feedback loop is strong
Write, monitor, and triage security tests and test infrastructure
Directly interface with customer infosec teams, lawyers, external security researchers as well as internal partners to ensure that Kensho maintains a best-in-class security envelope
Cultivate full team participation in high quality, thoughtful, secure software
What We Look For:
Deep experience securing modern web applications and distributed data infrastructure in a cross-team setting
Willingness to find and fix vulnerabilities in both our own software and 3rd party dependencies
Experience with penetration testing and industry-standard cryptography
Expertise in automated and scalable testing, automation, and continuous integration frameworks
Desire to build a strong, operationally-minded engineering culture through effective and thoughtful coding, documentation, and collaborative approach as a code reviewer and teammate
How to Really Get Our Attention:
Security engineer experience at a top 10 software company
Participation and awards at security capture-the-flag competitions
Open source project contributions showing innovation and initiative
Hedge fund or major financial institution trading experience
Relevant research, publications, and patents
Technologies We Like:
Python, Linux, Docker, Kubernetes, Calico, Git, Jenkins, Sentry, Cypress
Perks:
Medical, Dental, and Vision insurance with 100% premium covered
Unlimited vacation days
Paid Parental Leave
401(k) plan with employer match
Free snacks and drinks
Dog-friendly office
Cardio machines and weights in the office
Hubway (bike sharing program) membership
Jul 19, 2018
Full time
As a Principal Security Engineer at Kensho, you are a thoughtful, collaborative, and dynamic technologist who loves ensuring security across a number of systems and web applications. You think deeply about the implications, relationships, edge cases, and failure modes, and you are passionate about correctness, security, and writing the next thing, so you aren't spending time maintaining older projects.
Are you a prolific, intellectually curious technologist who appreciates code, math, and security? We are on a mission to clarify complex data through scientific, statistical, analytical, computational, and inspired study. By transforming the data, we are able to bring transparency to some of the most important issues on the planet. You will be joining a team of veterans from Google, Twitter, and Facebook, as well as academia.
What You'll Do:
Evaluate and strengthen Kensho’s security systems and processes across all products and teams by building a scalable process to ensure the security feedback loop is strong
Write, monitor, and triage security tests and test infrastructure
Directly interface with customer infosec teams, lawyers, external security researchers as well as internal partners to ensure that Kensho maintains a best-in-class security envelope
Cultivate full team participation in high quality, thoughtful, secure software
What We Look For:
Deep experience securing modern web applications and distributed data infrastructure in a cross-team setting
Willingness to find and fix vulnerabilities in both our own software and 3rd party dependencies
Experience with penetration testing and industry-standard cryptography
Expertise in automated and scalable testing, automation, and continuous integration frameworks
Desire to build a strong, operationally-minded engineering culture through effective and thoughtful coding, documentation, and collaborative approach as a code reviewer and teammate
How to Really Get Our Attention:
Security engineer experience at a top 10 software company
Participation and awards at security capture-the-flag competitions
Open source project contributions showing innovation and initiative
Hedge fund or major financial institution trading experience
Relevant research, publications, and patents
Technologies We Like:
Python, Linux, Docker, Kubernetes, Calico, Git, Jenkins, Sentry, Cypress
Perks:
Medical, Dental, and Vision insurance with 100% premium covered
Unlimited vacation days
Paid Parental Leave
401(k) plan with employer match
Free snacks and drinks
Dog-friendly office
Cardio machines and weights in the office
Hubway (bike sharing program) membership
Join Upstart as our Information Security Architect , where you will bring security controls into our cloud infrastructure. Reporting to the Head of information Security, you will set up security incident and event management within Upstart. You’ll play a key role in ensuring security controls through design and architecture in our infrastructure, creating protocols for how we restrict access and data to specific users, and identifying and rectifying cases in which our infrastructure and data processing applications/databases isn’t secure or secure enough. You will also be a thought leader and represent Upstart at security conferences and events. As one of the first members of this team, you will also have an opportunity for growth into management.
Here is more about what you’ll be doing:
Managing security compliance in all infrastructure-related projects including mapping Technology compliance into our infrastructure
Partnering with engineering and dev-ops to provide security guidance in managing secure networking, securing IT assets and defining requirements for our Devops Team
Building out Upstart’s future through infrastructure by creating AWS-based security controls from scratch using a variety of AWS tools
Set up a regular vulnerability scanning tools and manage remediation of identified issues
Conducting infrastructure security audits, penetration tests, and periodic access reviews to applications and infrastructure
Owning security controls relating to application access and data encryption
Leading vulnerability management and incident management procedures
Keeping abreast on all compliance/regulatory news and information in fintech to ensure Upstart is at the forefront of changes in the industry
Actively participating in open source forums (e.g OWASP) and cloud infrastructure conferences
Requirements:
5+ years of experience in information security, preferably with experience in enabling security incident and event management
3+ years of experience in a leadership role
Certification in IT or cybersecurity (e.g. CISSP or CISM) will strengthen consideration
Experience working in high-security/high-compliance environments, Maintain compliance requirements with international standards such as (SOX, SOC2 and ISO27001)
Experience setting up and working with AWS Inspector, Kinesis - Lambda based security response, Macie, Gaurd Duty, Config and Config rules
Experience setting up and working in security operations
Ability to define high-level strategy for security/compliance monitoring and risk mitigation
Strong written and verbal communication skills
Jul 17, 2018
Full time
Join Upstart as our Information Security Architect , where you will bring security controls into our cloud infrastructure. Reporting to the Head of information Security, you will set up security incident and event management within Upstart. You’ll play a key role in ensuring security controls through design and architecture in our infrastructure, creating protocols for how we restrict access and data to specific users, and identifying and rectifying cases in which our infrastructure and data processing applications/databases isn’t secure or secure enough. You will also be a thought leader and represent Upstart at security conferences and events. As one of the first members of this team, you will also have an opportunity for growth into management.
Here is more about what you’ll be doing:
Managing security compliance in all infrastructure-related projects including mapping Technology compliance into our infrastructure
Partnering with engineering and dev-ops to provide security guidance in managing secure networking, securing IT assets and defining requirements for our Devops Team
Building out Upstart’s future through infrastructure by creating AWS-based security controls from scratch using a variety of AWS tools
Set up a regular vulnerability scanning tools and manage remediation of identified issues
Conducting infrastructure security audits, penetration tests, and periodic access reviews to applications and infrastructure
Owning security controls relating to application access and data encryption
Leading vulnerability management and incident management procedures
Keeping abreast on all compliance/regulatory news and information in fintech to ensure Upstart is at the forefront of changes in the industry
Actively participating in open source forums (e.g OWASP) and cloud infrastructure conferences
Requirements:
5+ years of experience in information security, preferably with experience in enabling security incident and event management
3+ years of experience in a leadership role
Certification in IT or cybersecurity (e.g. CISSP or CISM) will strengthen consideration
Experience working in high-security/high-compliance environments, Maintain compliance requirements with international standards such as (SOX, SOC2 and ISO27001)
Experience setting up and working with AWS Inspector, Kinesis - Lambda based security response, Macie, Gaurd Duty, Config and Config rules
Experience setting up and working in security operations
Ability to define high-level strategy for security/compliance monitoring and risk mitigation
Strong written and verbal communication skills
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Staff Security Engineer is to own and lead Credit Karma's Security initiatives.
What will you do?
Document and implement security zoning best practices.
Partner with Network, Platform, and Dev teams to design security-centric architectures and frameworks.
Review third-party and partner integrations to ensure compliance with security best practices.
Develop Identity and Access Management standards and enforce best practices.
Drive security and support initiatives as subject matter expert.
Drive security at scale, focusing on automation and process improvement.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Serve as an escalation point in responding to security incidents and investigations.
What’s great about it?
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Work alongside a highly motivated, helpful and collaborative team.
Have the autonomy to achieve results without micromanagement.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What do we expect?
Balance of high-level architecture and design principles and strong technical know-how.
Experience working in a fast-paced, dynamic yet mature engineering environment.
Effective cross-functional communication and ability to achieve results.
Confident articulating complex technical content to Senior Management and business partners.
Self-starting attitude and fearless ascent up the learning curve.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
A fun and positive attitude!
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Staff Security Engineer is to own and lead Credit Karma's Security initiatives.
What will you do?
Document and implement security zoning best practices.
Partner with Network, Platform, and Dev teams to design security-centric architectures and frameworks.
Review third-party and partner integrations to ensure compliance with security best practices.
Develop Identity and Access Management standards and enforce best practices.
Drive security and support initiatives as subject matter expert.
Drive security at scale, focusing on automation and process improvement.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Serve as an escalation point in responding to security incidents and investigations.
What’s great about it?
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Work alongside a highly motivated, helpful and collaborative team.
Have the autonomy to achieve results without micromanagement.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What do we expect?
Balance of high-level architecture and design principles and strong technical know-how.
Experience working in a fast-paced, dynamic yet mature engineering environment.
Effective cross-functional communication and ability to achieve results.
Confident articulating complex technical content to Senior Management and business partners.
Self-starting attitude and fearless ascent up the learning curve.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
A fun and positive attitude!
Credit Karma's mission is to make financial progress possible for everyone. We have over 80 million US members and are now taking aim internationally. In just 12 months from launch, we’ve grown Credit Karma Canada to be the #1 destination for free credit scores and reports, and we’re just getting started. Your role will be to our international growth efforts in Canada and globally beyond. We’re looking for a leader to take charge of driving execution and high performing operations for all of our international product and engineering teams. You will drive key decisions along the way that will impact our entire International team. We are operating as a well funded and supported “startup” within Credit Karma with enormous opportunity to move fast and have high impact. The Technical Program Manager Lead will work directly with the VP, International and be a critical leader for the cross-functional teams and the overall Credit Karma International roadmap, including existing country products and new market entry. The role will start as a hands-on individual contributor and quickly scale to be a manager role. This position will be based in San Francisco, but may require frequent travel.
What you'll do:
Lead on technical program management for entire Canada product roadmap, including: Scoping and setting near- and long-term goals and OKRs. Driving on-time delivery of every product launch. Identifying any risks or blockers along with solutions to get back on track.
Lead on go-to-market planning for all new markets, including: Leading the complex, cross-functional efforts to launch, ensuring timely and successful execution. Hands-on responsibilities during and through launch to ensure success of newly formed country teams, especially through first 6 months of operations. Deep involvement of hiring and crafting team culture for new product and engineering teams.
Directly handle third-party platform relationships, for example, for Localization
Craft and run critical team infrastructure for all markets, building off of core Credit Karma systems and methodologies that exist. These areas include: Culture building for each country’s product and engineering team as well as the International team overall. Metrics & reporting infrastructure so that the International Analytics team can achieve maximum scale and impact. Communications channels from the our team out to the rest of Credit Karma. Cross-pollination of information on product roadmaps, experiment results, and other lessons learned between the broader company and our team.
Build the operating models for each of our Country teams and our broader International team partner successfully with other teams such as Security, Infrastructure & Platform, Legal & Compliance, Member Support, etc.
Be the first of what will be a growing team of Technical Program Managers for International, including the opportunity to directly hire and develop this team over time.
What's phenomenal about it:
You’ll build something that has the potential to positively affect millions of people around the world
The work you do will have significant impact and visibility across Credit Karma
This role brings the best of both worlds: the experience of growing early-stage products and businesses with the support of a successful later-stage internet company
Credit Karma is an equal opportunity employer, and we highly encourage people of all backgrounds to apply; This is especially true on our International team where each of us should have empathy for members, partners and colleagues of diverse backgrounds
What we expect:
Interest and excitement in our mission of enabling financial progress, especially internationally
8+ years of related experience, including technical program management, operations, engineering or product management
Track record of success in driving wholly new, large scale product launch plans
Deep understanding of program management methodologies with prove ability to adapt to unique team needs and objectives
Ability to critically observe operational results (both good and bad) to make independent recommendations and decisions about how to improve
Ability to create a shared team culture and get results directly or indirectly, especially across diverse cross-functional teams
Professional experience leading projects across multiple remote locations, ideally internationally
Experience working hands-on with product and engineering teams in both smaller startup and large company environments
High level of proficiency in technical understanding and working directly with engineers to anticipate operational risks and tackle problems
Ideally experience managing teams directly
Bachelor’s degree from a top university required; Master’s degree is preferred
Jul 02, 2018
Full time
Credit Karma's mission is to make financial progress possible for everyone. We have over 80 million US members and are now taking aim internationally. In just 12 months from launch, we’ve grown Credit Karma Canada to be the #1 destination for free credit scores and reports, and we’re just getting started. Your role will be to our international growth efforts in Canada and globally beyond. We’re looking for a leader to take charge of driving execution and high performing operations for all of our international product and engineering teams. You will drive key decisions along the way that will impact our entire International team. We are operating as a well funded and supported “startup” within Credit Karma with enormous opportunity to move fast and have high impact. The Technical Program Manager Lead will work directly with the VP, International and be a critical leader for the cross-functional teams and the overall Credit Karma International roadmap, including existing country products and new market entry. The role will start as a hands-on individual contributor and quickly scale to be a manager role. This position will be based in San Francisco, but may require frequent travel.
What you'll do:
Lead on technical program management for entire Canada product roadmap, including: Scoping and setting near- and long-term goals and OKRs. Driving on-time delivery of every product launch. Identifying any risks or blockers along with solutions to get back on track.
Lead on go-to-market planning for all new markets, including: Leading the complex, cross-functional efforts to launch, ensuring timely and successful execution. Hands-on responsibilities during and through launch to ensure success of newly formed country teams, especially through first 6 months of operations. Deep involvement of hiring and crafting team culture for new product and engineering teams.
Directly handle third-party platform relationships, for example, for Localization
Craft and run critical team infrastructure for all markets, building off of core Credit Karma systems and methodologies that exist. These areas include: Culture building for each country’s product and engineering team as well as the International team overall. Metrics & reporting infrastructure so that the International Analytics team can achieve maximum scale and impact. Communications channels from the our team out to the rest of Credit Karma. Cross-pollination of information on product roadmaps, experiment results, and other lessons learned between the broader company and our team.
Build the operating models for each of our Country teams and our broader International team partner successfully with other teams such as Security, Infrastructure & Platform, Legal & Compliance, Member Support, etc.
Be the first of what will be a growing team of Technical Program Managers for International, including the opportunity to directly hire and develop this team over time.
What's phenomenal about it:
You’ll build something that has the potential to positively affect millions of people around the world
The work you do will have significant impact and visibility across Credit Karma
This role brings the best of both worlds: the experience of growing early-stage products and businesses with the support of a successful later-stage internet company
Credit Karma is an equal opportunity employer, and we highly encourage people of all backgrounds to apply; This is especially true on our International team where each of us should have empathy for members, partners and colleagues of diverse backgrounds
What we expect:
Interest and excitement in our mission of enabling financial progress, especially internationally
8+ years of related experience, including technical program management, operations, engineering or product management
Track record of success in driving wholly new, large scale product launch plans
Deep understanding of program management methodologies with prove ability to adapt to unique team needs and objectives
Ability to critically observe operational results (both good and bad) to make independent recommendations and decisions about how to improve
Ability to create a shared team culture and get results directly or indirectly, especially across diverse cross-functional teams
Professional experience leading projects across multiple remote locations, ideally internationally
Experience working hands-on with product and engineering teams in both smaller startup and large company environments
High level of proficiency in technical understanding and working directly with engineers to anticipate operational risks and tackle problems
Ideally experience managing teams directly
Bachelor’s degree from a top university required; Master’s degree is preferred
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop detection and protection controls as well as build content that will feed automated actions and infrastructure changes.
What You'll Do
Deploy and maintain security solutions that will prevent and detect attacks against CK's infrastructure
Develop content and tune alerting for important events.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Partner with incident responders to automate repetitive actions.
Build and monitor integrations between security solutions and ensure the completeness and accuracy of ingested data.
What's Great About it
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of system, network and security fundamentals
Strong scripting or relevant programming skills for automating repetitive tasks.
Experience working in (or closely with) a Security Operations Center.
Experience creating detection content and writing correlation rules
Expertise configuring and administering at last one vulnerability management solution.
Expertise configuring and administering security automation and orchestration platforms
Self-starting attitude and fearless ascent up the learning curve.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
A fun and positive attitude!
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop detection and protection controls as well as build content that will feed automated actions and infrastructure changes.
What You'll Do
Deploy and maintain security solutions that will prevent and detect attacks against CK's infrastructure
Develop content and tune alerting for important events.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
Partner with incident responders to automate repetitive actions.
Build and monitor integrations between security solutions and ensure the completeness and accuracy of ingested data.
What's Great About it
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of system, network and security fundamentals
Strong scripting or relevant programming skills for automating repetitive tasks.
Experience working in (or closely with) a Security Operations Center.
Experience creating detection content and writing correlation rules
Expertise configuring and administering at last one vulnerability management solution.
Expertise configuring and administering security automation and orchestration platforms
Self-starting attitude and fearless ascent up the learning curve.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
A fun and positive attitude!
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Staff Security Engineer is to own and lead Credit Karma's cloud security initiatives.
What You'll Do
Partner with Network, Platform, and Dev teams to design security-centric cloud architectures and frameworks.
Drive cloud security and support initiatives as subject matter expert.
Develop Identity and Access Management standards and enforce best practices for the public and private cloud.
Drive security at scale, focusing on automation and process improvement.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Work alongside a highly motivated, helpful and collaborative team.
Have the autonomy to achieve results without micromanagement.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Balance of high-level architecture and design principles and strong technical know-how.
Effective cross-functional communication and ability to achieve results.
Solid grasp of cloud security solutions, both native and 3rd party.
Experience leading cloud workload security initiatives in an enterprise-scale, mixed-vendor environment.
Proven track record in architecting secure IaaS, PaaS and SaaS frameworks in both public and private cloud environments.
Confident articulating complex technical content to Senior Management and business partners.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Staff Security Engineer is to own and lead Credit Karma's cloud security initiatives.
What You'll Do
Partner with Network, Platform, and Dev teams to design security-centric cloud architectures and frameworks.
Drive cloud security and support initiatives as subject matter expert.
Develop Identity and Access Management standards and enforce best practices for the public and private cloud.
Drive security at scale, focusing on automation and process improvement.
Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Work alongside a highly motivated, helpful and collaborative team.
Have the autonomy to achieve results without micromanagement.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Balance of high-level architecture and design principles and strong technical know-how.
Effective cross-functional communication and ability to achieve results.
Solid grasp of cloud security solutions, both native and 3rd party.
Experience leading cloud workload security initiatives in an enterprise-scale, mixed-vendor environment.
Proven track record in architecting secure IaaS, PaaS and SaaS frameworks in both public and private cloud environments.
Confident articulating complex technical content to Senior Management and business partners.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop network-based detection and protection controls.
What You'll Do
Research the latest industry leading Network Security solutions.
Deploy and maintain security solutions that will prevent and detect attacks against CK's networks.
Develop content and tune alerting for important events.
Leverage scripting and programming to automate manual actions.
Build and monitor integrations between security solutions and ensure all solutions are logging relevant data.
Ensure security baselines are configured as part of network device build processes.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of network and network security fundamentals, including routing, switching, load balancing, firewalls, proxies and IDS.
Experience administrating network security solutions in an enterprise-scale, mixed-vendor environment.
Strong scripting or relevant programming skills for automating repetitive tasks.
Familiarity with micro-segmentation and anomaly detection platforms.
Deep understanding of latest Software Defined Networking trends and architectures.
Experience managing network security solutions in both data center and cloud environments.
Jul 02, 2018
Full time
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop network-based detection and protection controls.
What You'll Do
Research the latest industry leading Network Security solutions.
Deploy and maintain security solutions that will prevent and detect attacks against CK's networks.
Develop content and tune alerting for important events.
Leverage scripting and programming to automate manual actions.
Build and monitor integrations between security solutions and ensure all solutions are logging relevant data.
Ensure security baselines are configured as part of network device build processes.
What's Great About It
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
Solving frontier security problems at scale in a highly technology-focused team.
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What We Expect
Solid grasp of network and network security fundamentals, including routing, switching, load balancing, firewalls, proxies and IDS.
Experience administrating network security solutions in an enterprise-scale, mixed-vendor environment.
Strong scripting or relevant programming skills for automating repetitive tasks.
Familiarity with micro-segmentation and anomaly detection platforms.
Deep understanding of latest Software Defined Networking trends and architectures.
Experience managing network security solutions in both data center and cloud environments.
