87 Security jobs

We’re looking for talented security engineers that can continue to build a secure GoCardless in a fast paced environment that invests in a culture of continuous feedback.   You will play a major and leading role in protecting GoCardless through the implementation of security operations programme and have the opportunity to influence and implement cutting-edge measures to prevent, detect and respond to potential cyber security threats. As a security operations engineer you will play a key role in ensuring GoCardless teams are taking all required steps in operating and building a secure product set including logging infrastructure, security monitoring solutions, anomaly detection, etc. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' products and systems secure. We work closely with our engineering teams whom are building simple and reliable solutions to complex problems.  We keep our development cycles fast, by reviewing and adapting our plans frequently, and by investing in a culture of continuous feedback. Core responsibilities Providing subject matter expertise on various areas of security, specifically on security operations Experience on security use case development, data source on-boarding and different log management and SIEM technologies (i.e Elastic, Splunk, etc.) Monitoring of metrics associated with security controls to ensure controls are tuned for peak effectiveness Handling of security operations day-to-day activities, troubleshooting and coordinating resolution or restore using the right tools and processes (activities can be hardware or software failures, security incidents, security breaches, actively looking for threats in logs - threat hunting - etc.) Professionally manage inbound security-related calls and questions, create tickets, run security-related assessments, security-related user complains, and escalate accordingly Providing technical support for on call outside normal business hours (if required) Drive the implementation and dissemination of security KPIs Liaison with teams for security design, incident handling & education Participate in cross-team security initiatives Security tooling selection and/or creation Perform activities with minimal supervision of routine duties, demonstrate ability to solve practical problems and deal with a variety of concrete variables Perform scheduled vulnerability assessments and security testing Requirements Minimum of five years of security-related experience Strong analytical and reasoning skills Experience in other security tooling (Endpoint Security, Web/Network Scanners, SIEM and IDS/IPS, etc.) and its integration into the company systems A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services Must have in depth, hands-on experience with security features and system admin of Linux, UNIX and Windows operating systems Must possess excellent communication skills and ability to cooperate with other business functions Understanding and exposure of message queue latest technologies such Syslog, Fluentd, GCP PubSub, Logstash, Kafka and SIEM-specific collection mechanisms (i.e. Splunk forwarders, etc.) Bonus points BSc/MSc in Computer Science or a related field, or equivalent work Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban) A comprehensive knowledge of web application security, Experience in cloud services (GCP, AWS, etc.) Sound knowledge of the OWASP Top 10 and how they can be prevented Professional security qualifications are desirable (e.g. CISSP, Offensive Security, GIAC, etc.) Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS Exposure with multiple scripting / programming languages (especially scripting languages such as Python, Ruby, Perl, etc) Forensic certifications or experience Our team come from a variety of backgrounds and we welcome diversity – if you’re unsure, please apply.

We're looking for amazing security engineers to join our team and continue to build a secure GoCardless. We're operating in the dynamic environment of FinTech, so Security is something we take very seriously. We take this as an opportunity to create and implement state of the art measures to minimise exposures and vulnerabilities. As an App Security engineer, you will play a key role in ensuring GoCardless teams are taking all required steps in building a secure product set including application penetration testing, threat modelling, design reviews, developing our internal tooling and procedures. Whether you are engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead across business units. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' platform secure. We work closely with our engineering teams whom are building simple and reliable solutions to complex problems. We keep our development cycles fast, by reviewing and adapting our plans frequently and by investing in a culture of continuous feedback. We're primarily built in Ruby and JavaScript using Rails, and we rely on Postgres, ElasticSearch, GCP and Chef. However, we believe in using the best technologies for each task – we have used React where server rendering is needed, Go for our infrastructure, and Python for our data analysis. What you'll do Implement measures to secure and protect the GoCardless products and systems. Perform design reviews and Threat modelling of GoCardless services and products Perform vulnerability assessments and security testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces) Providing subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle Working with development teams for design, code reviews & education continually seeking to shift left Participate in cross-team security initiatives Contribute in the formulation of our security strategy Drive the implementation and dissemination of security critical metrics. Automating and continually improving our approaches through development of tooling and procedures What you'll need STEM degree or related field, or equivalent work experience. Experience in vulnerability testing and auditing techniques Hands on experience with scripting and proficiency in programming Strong analytical and reasoning skills A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services A proven understanding of web application security and security architecture applying defence in depth Able to use and interpret the results from software tools and security testing tooling such as NMap, Nessus, dig, MITM proxies, wireshark. Can conduct penetration testing / vulnerability assessment on networks, applications within both traditional environments and cloud services, vulnerability assessment, web application testing for OWASP top 10 vulnerabilities. Not essential, but nice to have Computer Science degree, or equivalent experience. Fluency in one or more of: Ruby, Python, or Go Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban) Experience in multiple programming languages (especially scripting languages such as Python, Ruby, Perl, etc) A comprehensive knowledge of Web application security Experience in security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.) and its integration into the company systems. Experience in cloud services such as GCP and AWS Sound knowledge of the OWASP Top 10 and how they can be prevented Knowledge of the latest industry threats Experience of performing security design reviews, threat modelling and risk assessments Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc.) Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS You should apply if: You're passionate about security and technology You care deeply about building reliable, well-tested and secure systems You enjoy solving problems and automating responses for recurrent issues You thrive in a culture of code review You enjoy working in a diverse company that welcomes fresh thinking

Want to help us change the way the world moves money? We build high tech services that allow people to send and receive money easily. Our customers are mostly migrants, sending money home to their families and friends in Africa, Asia and Latin America. Today only 5% of the remittance market is online – with a large proportion of the industry operating through informal untracked networks. Yet online is predicted to grow to 60% in the next 5-6 years and WorldRemit is driving that shift. By reducing costs and freeing up time we enable people to make the most of the opportunities that their new life abroad provides and help to release the billions of dollars lost in transferring money to the developing world. This money goes directly to those who need it. Why do we care about money transfers so much? Most of our customers are first or second generation migrants. They may be living and working far from their home but still manage to send money back to support their loved ones. Large international wire transfer companies and banks have been taking advantage of people like this by charging preposterous fees and unfair rates. With the World Bank estimating $575 billion annually flowing into developing countries - transforming the remittance industry could have a greater impact on international development than every single government aid program combined. WorldRemit is using innovative technology and growing it’s a global network to make transferring money easier, fairer and more affordable. How are we doing so far? WorldRemit has grown at an average 50% year on year We're now processing over £1.5bn of remittances on an annualised basis The recently company went through its Series C financing and raised $40m, over $230m in total The company currently employees over 600 employees and has offices in London, USA, Philippines, Poland, Australia, New Zealand, Canada, Japan, Hong Kong and other locations Funded by VCs behind companies such as Airbnb, Spotify, Netflix and Facebook Covering 140+ countries across the globe The role As Security Engineers, we are responsible for the overall security posture of Worldremit. The main goal is to investigate and understand our newest projects and technologies and give security guidance to ensure that they are as robust as possible. You will have: Strong knowledge of web and API security testing.  Experience with penetration testing of networks and infrastructure. Review and design the Security Architecture of systems and products. Ability to perform code and design reviews of internally developed applications. Skills to automate your tasks (ideally using Python, Perl or Bash). Develop security training for our software engineers. Ensure that identified issues are prioritised and addressed in an appropriate timeframe. Ability to translate the security risk and impact to other departments and stakeholders. A proactive mindset. You will be someone who: Enjoy both breaking and building. Willing to compromise when it's necessary and hold firm when it's essential. Maintain a strong desire to build robust things (But also to break them!). Is interested in sharing knowledge since we’re all in this together. Has excellent communication skills. Already pwn3d Gibson at some point.  Nice to haves Security certifications (such as eWPT/X, OSCP, Crest CRT/CCT, CISSP, SANS. Avoid mentioning your CEH). Any developing background experiences. Knowledge on mobile application security testing. Understand how agile development methodologies (Scrum, Kanban) work. Knowledge about SOC / Incident & Response. Familiarity with Jira, Splunk, AppSec Pipelines. +2 years of professional experience. Participation in the security community (CTFs, bug bounty, conferences, etc).

About Us Form3 is a disruptive fintech startup on a mission to make payments easier, faster and cheaper for  fintechs, challenger banks, ecommerce gateways, card providers and traditional banks wanting to reinvent themselves.  Our customers include everyone from FinTech, challenger banks, ecommerce gateways and card providers, through to older traditional banks that are trying to reinvent themselves.    What we're looking for We’re looking for an experienced Information Security Officer to support our current Head of Information Security. A security specialist with strong working knowledge and understanding of information security frameworks (IS027001, ISAE3000/SOC2, SOC1, GPDR and PCI DSS), security operations and application security best practices. A versatile Security Officer, with experience working with public cloud, in particular AWS and the AWS security services. Particular exposure to developing, implementing, auditing and improving information security policies and procedures aligned to relevant industry frameworks/standards. Your skills Creating/maintaining an ISO27001 ISMS or PCI compliance project and operation. Performing Business Impact Analysis, risk assessment and treatment. Operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems. Perform response analytics during and after an incident, determine root cause and proper mitigation of cyber security events. To remain up to date with the latest threats and vulnerabilities to ensure operational tools and processes are up to date, introduce process improvements and ensure incident response plans are up to date and effectively tested. Ensure that customer information and information systems are protected from unauthorised access / intrusion, use, disclosure, disruption, modification or destruction. Perform periodic internal audits against policies and procedures to ensure conformance. Participate and assist in external audit activities. Perform periodic audit, review and contribute to the continuous improvement of IT security standards, processes and procedures. Knowledge of various technologies and operating systems and their related security configuration, hardening and risks, ie Linux/Unix, Mac OS, Containers, Office 365, etc. Deliver Information Security and awareness training programs. Our Benefits Competitive Salary   30 days holiday (plus Bank Holidays)   Flexible hours/Remote Working   Company Bonus Scheme   Pension Contribution   Team Events   An incredible team to work with   A strong and clear company culture   You’ll get the opportunity to be part of a rapidly scaling FinTech company, working alongside some of the brightest talents in tech and payments  

At Monzo we ’re   aiming to  build   the  best current account in the world . We are always keen to hear from capable, creative people who want to help us accomplish that goal. We want our bank to be s afe  and s ecure  for our customers, so security is  very important to us    Security  at Monzo We are looking for a proactive, technically-minded and organised Security Analyst to join our Security team.  Monzo’s security team has a wide range of responsibilities, from infrastructure security to application security. As a bank, we are solving diverse, novel problems to ensure that our customers and their data are secure.  One of the guiding principles of security at Monzo is that security at the expense of user experience is a last resort. We aim to move mountains in the background such that we can build world-class features without compromising on security. As a member of our security team you would be responsible for constantly improving the security of Monzo as a part of a multi-disciplinary team. You would work closely with security engineers, as well as lots of teams across the company. You’ll spend your time: Managing projects within the team, whether we’re rolling out a new feature to customers, or preparing to undergo an audit Writing and delivering training to Monzonauts across the company and across the world Working closely with our second-line Risk & Compliance team to improve the way we mitigate security risk Developing new processes and procedures to improve security at Monzo Collaborating and working with other teams to ensure that they can meet their objectives securely   Supporting the Security team on broader initiatives to help boost security awareness Conducting periodic security reviews, and helping respond to security incidents You should apply if: What we’re doing in the Security team excites you! You’re technically-minded and understand security best practices You have experience managing multiple projects simultaneously, and are comfortable with regular context-switching You’re comfortable reading and interpreting technical requirements, regulation and procedures You love taking the initiative, prioritising and driving things forward, without being told what to do You’re comfortable interacting with both technical and non-technical stakeholders You are an excellent communicator, both verbally and in writing Logistics We can help you relocate to London, we can sponsor visas, and we're open to remote working (as long as you can spend at least 20% of your time in London).   We care deeply about inclusive working practices and diverse teams. If you’d prefer to work part-time or as a job-share, we’ll facilitate this wherever we can - whether to help you meet other commitments or to help you strike a great work-life balance. Our interview process typically consists of an initial phone screen, a take-home exercise, and a half-day on-site interview. We promise not to ask you any brain teasers or trick questions  Any questions? If you’re unsure about applying or have any questions about the role or team, please don’t hesitate to email  Marcelo  directly   Also, if you are under time pressure to change jobs soon (or have any other deadlines), please let us know, as we'll always do our best to speed up the process for you!

Description   About The Role SoFi is seeking an experienced Information Security professional to further its Application Security program.  The ideal candidate comes with a strong background in offensive security and is able to implement scalable solutions to mitigate security threats. As a member of the Information Security function, you will be part of a team of highly skilled engineers tuned-in to threat research and technical innovation. You will work closely with engineering teams and other business functions to tackle complex technical problems and build secure products. At SoFi, you’ll become part of a new kind of finance company based around speed, transparency, and alignment with our members’ interests. Our goal is to be at the center of our members’ financial lives. We created student loan refinancing, addressing the biggest financial challenge of a new generation through a modern approach to lending and personal finance. We expanded into other types of loans, and then into insurance and wealth management with similarly inventive products and soon to be launched SoFi money a modern take on a checking or savings account. As the company has grown, we’ve been able to help more people with these tools. SoFi has achieved significant growth, with ambitious plans ahead, but to continue this growth we need great talent. Responsibilities Perform technical security assessments, pentests, code audits and design reviews Develop solutions to scale security testing and enable engineering teams to identify security flaws pre-production   Act as advisor in the area of secure development and threat mitigation Create and manage the bug bounty program Demonstrate leadership through evangelizing security, identification of issues and driving resolution across corporate functions Minimum qualifications BS degree in Computer Science or related technical field or equivalent practical experience 2+ years of experience in application security testing Strong knowledge of web application security design, threats and mitigations Practical experience in security engineering, authentication standards (OAUTH, JWT, etc.) and applied cryptography Develop and execute secure application development training exercises Self-starter with strong interpersonal and communication skills Preferred qualifications Software development experience in Java, Javascript and interpreted languages (Perl, Python, etc) Experience in mobile security design and assessment Working knowledge of Amazon Web Services (AWS) security Experience developing security tools Benefits Lunch Stipend, a fully stocked kitchen, and subsidized gym membership. Competitive salary packages and bonuses. A flexible vacation policy allows you to truly relax and reboot.  Comprehensive health, vision, dental, and life insurance as well as disability benefits. 100% of health, vision, and dental premiums paid by SoFI for employees and their dependents.  401(k) and education on retirement planning. 
 Tuition reimbursement on approved programs, up to $5,250 a year. Monthly contribution to help you pay off your student loans.

Robinhood is democratizing access to America’s financial system. Our platform offers commission-free investing in U.S. stocks, ETFs, options, and cryptocurrencies. Robinhood Financial, our broker-dealer, is the fastest-growing brokerage ever, with over four million users and billions of dollars in transaction volume. Robinhood has received the Apple Design Award, the Google Material Design Award, and was named Fast Company’s 11th Most Innovative Company in the World. We’re backed with $539 million in capital from top-tier investors such as DST Global, NEA, Index Ventures, Thrive Capital, Sequoia, and KPCB, and valued at $5.6 billion. Robinhood is based in Menlo Park, California with a regional office in Lake Mary, Florida. About the Role The Securities Lending Operations Manager will be responsible for designing and executing Robinhood Securities’ Securities Lending back office function, so it scales to support Robinhood’s ambitious growth plans for Securities Lending. The candidate will design, implement, iterate on, and oversee our securities lending back-office areas: new account onboarding, securities lending trade processing and settlements, buy ins, recalls, call-backs, fully paid program (tracking, compliance, payment) and regulatory reporting. The candidate will also oversee processes including operational issues, new strategy implementation and product offerings. They will be responsible for managing regulatory risk and for compliance with Firm policy, SEC rules, and FINRA regulations. The candidate will also work cross-functionally to champion a compliant culture and business. As a Securities Lending Operations Manager you'll: Design and test operational procedures and processes for all aspects of Securities Lending including the fully paid program. Adhere to and remain compliant with Robinhood Securities’ back office related Written Supervisory Procedures. Lead the operations team in processing Robinhood Securities’ regulatory inquiries, reporting and audits. Manage and resolve escalated issues from trading and operations. Liaise with compliance, trading, and business management to ensure strategies are implemented and objectives are met. Coordinate operations team roles and responsibilities with the business. Review workflow process, develop strategy and employ tactics for the day to day operations of the back office. Some things we consider critical for the role: Ability to learn quickly, think critically and apply problem-solving skills to resolve issues and implement process improvements. Trustworthy, self-motivated and able to thrive in an entrepreneurial environment. Great communication and relationship management skills. A passion for Robinhood’s product and our mission to democratize access to America’s Financial System. Bachelor’s degree from an accredited institution. FINRA Series 7 or 99. 5+ years working in Securities lending back office operations. Experience working with regulators and/or completing an SRO audit.

Robinhood is changing the way America invests. We believe our financial system should work for everyone and not just a few. We offer commission-free trading for stocks, ETFs, options, and cryptocurrencies—all in one, user-friendly platform. Since our public launch in 2015, we’ve enabled millions of people to participate in the markets, cementing us as the fastest-growing brokerage ever.  About the Role We are looking for a Software Engineer to work within our Security Engineering team to build tools and services that secure our platform and our users. As a Software Security Engineer, you will be responsible for building services that protect our users from attacks such as account takeover, phishing, and other such common attacks. You will also work with the backend engineering team to build out microservices that our APIs can interact with for central services such as authentication, authorization, and risk monitoring. You will be critical in further developing our user trust and safety infrastructure to ensure that our users’ data and information is protected using the best mechanisms available. You will work with our data science team to understand risk and attack patterns to build threat intelligence tools to help predict potential attacks against the platform and defend against these patterns as well. As a Software Security Engineer you will: Build microservices for core infrastructure such as authentication Work with the product and backend engineering teams to build a user trust and safety product Work with the security team to fix any security bugs that are identified Work with the data science team to use patterns of suspicious activity to proactively build tools to prevent such activity. Some things we consider critical to being a Software Security Engineer : 5+ years of experience in Software Engineering Familiarity with AWS or other cloud systems Familiarity with Docker, Kubernetes, or other container based systems. Proficiency in Python, or similar dynamic programming language. Proficiency in SQL and SQL-like databases Experience building standalone APIs that can be consumed by various types of clients Experience working with Security, DevOps, and Incident Response teams. Nice to haves: Experience with deployment tools such as SaltStack, Ansible, etc. Experience with web frameworks (EmberJS, ReactJS, etc.) Experience with data warehousing and data analysis Experience in Finance and portfolio trading.

We are looking for Security Engineers who are security subject matter experts and can be primary points of contact for our developers. You will solve security challenges by working directly with fellow engineers, balancing product developments against security risk solutions that allow us to deliver product quickly and securely.   We also think it is very important to provide this knowledge and insight to our customers as well. So along with making sure that our internal systems are healthy and secure, you would also be expected to democratize that learning to our customers. This is a good summary of what we are trying to accomplish with this role:  https://medium.com/synapsefi/security-as-a-service-c5c71c8f47d 0. In order to be successful at Synapse, you should have: A drive to help democratize best in class financial products An ability to work independently within a small, fast-paced team An entrepreneurial spirit and unrelenting passion to deliver the best service possible The ability to implement feedback, learn quickly, and contribute new ideas A general concern for the wellbeing of others and the desire to work on problems that maximize a positive future for humanity Key Qualifications: Strong understanding of OWASP Top 10 Familiarity with testing tools like Burp Suite Deep knowledge of HTTP and other basic web protocols Minimum two years of work experience Perks: Growth Potential Competitive Salary Insurance (Health // Dental // Vision) 401(k) Temporary Housing (for those relocating to San Francisco) Catered lunch and commuter benefits Compensation: $70K - $90K 0.0% - 0.007% We are looking for top notch individuals who are seeking a challenge. Our company is growing quickly. This is an exciting time to join our team. If you are interested in adding value to our team, please apply and we will be in touch.

DESCRIPTION About Monese At Monese we believe that access to banking and financial services is a right that everybody should enjoy. We are on a mission to ensure that anyone in the world who needs a bank account can get one. By using leading edge technology via smartphones, we offer services that are easy to access, simple to use and cheap to run for anybody. The first Monese product already serves hundreds of thousands of customers in the UK and Europe, and we are adding new services on a regular basis. Our fast-growing team is located in London, UK, Tallinn, Estonia and Lisbon, Portugal. By working with us, you will be part of a carefully selected team who are great at what they do and share the belief in our mission of making banking available to everybody. We’re not just a start-up with an idea; we have a proven business model that is growing exponentially and generates strong revenues.   Job Description As IT Security Engineer at Monese you will be responsible for protecting the organisation’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. You will be required to evaluate and identify any potential Security Threats to the business and to ensure the proper and robust risk mitigation systems are in place. You will also ensure the appropriate Information and Cyber Security controls are effectively implemented and managed. You will be relied upon for carrying out good practice and behaviours in all the teams and informing Head of Internal IT where and when improvements need to be made.   Role responsibilities: Provide guidance and assist business stakeholders with (IT) Governance and Information Security enterprise. Manage security audits and report audit issues. Educate and support the team leads on all IS matters. Contribute to the future Information Security & Governance strategy Accountable for ISO 27001 ISMS maintenance and related activities. Manage and maintain Information Security Audit program and Risk Event Register. Ensure Monese is compliant with the GPDR legislation that must be enforced and of relevance to the appropriate running of Monese. Audit and manage any reported breaches from the security auditor(s) and ensure the escalation of these reports according to the organisation’s policies. Providing reporting on a monthly/bi-monthly/quarterly basis for the key stakeholders detailing any breaches. Ensuring that all IT services are reliable and secure. Proactively improving services security and quality. Cooperating with Internal IT, software and quality engineers to ensure that all teams are on the same page with regards to IS. REQUIREMENTS Strong background and proven track record in IT (IT support, System Administration, Software Development) 3+ years of experience in IT security Ideally IT Security / Computer Science related degree or certification Have strong knowledge of IT systems, processes and controls Understanding of Database, Networking and Systems Experience with Antivirus software and web proxy management Governance, Risk and Compliance (GRC) – Including ISO 27001, GDPR Understanding of applicable UK law and regulations in relation to IT Security Aware of current developments in IT security A thorough understanding of information security principles Strong analytical skills Ability to prioritise tasks, communicate effectively and recognise the value of collaboration between team members BENEFITS Benefits of working at Monese: Opportunities to progress in your career, being an essential part of a growing team and processes An opportunity for independent and self-reliant work Knowing your contributions matter on every level in making our product the best it can be International team and fun office environment with plenty of perks An incredible team of open-minded people dedicated to creating the best banking product yet Stock options.

At Symphony, we’re on a mission to help people communicate, collaborate and enjoy their work.  Our secure messaging and meetings platform is changing the way people do business in information sensitive industries.  Our customers are fast-paced, and rely on Symphony to keep up, while ensuring complete data privacy and information security. We are seeking a passionate and experienced Information Security Analyst to augment our efforts in Vulnerability Management, including protection and understanding of risk in relation to business information assets and, building systems that are compliant & meet global security standards.  This role reports to the Director of Infrastructure Security and helps protect the confidentiality, integrity and availability of information assets with a critical focus on Symphony’s vulnerability management program. RESPONSIBILITIES: Triage & Analyze reports from Symphony’s Bug Bounty Program and other external or internal sources, take appropriate action and respond to maintain Symphony’s level of security Reproduce reported application vulnerabilities Collaborate with colleagues at all levels of the organization, across all business and technology functions, in order to advance and support the vulnerability management program Track, triage and schedule component vulnerabilities used across IT and Cloud infrastructures Analyze, identify improvements, and optimize Symphony’s vulnerability management processes Cross-train with team members on all other Infrastructure Security Tools such as SIEM, Firewall, monitoring tools REQUIRED QUALIFICATIONS: 5-6 years’ relevant experience focused on vulnerability management for web applications CISSP or relevant SANS certification Proven experience of combined security and\or IT work experience in a position focused primarily on application security Knowledge of Information Security standards and secure coding best practices Experience with conducting network, operation system, database and/or vulnerability assessments and security configuration/hardening audits Knowledge of Static and Dynamic Analysis tools (SAST/DAST) such as Veracode, Checkmarx, SonarQube, OWASP ZAP Excellent Verbal and Written Communication Skills Nice to have: Java development background Python and/or other scripting abilities CEH or OSCP certification ABOUT SYMPHONY: Symphony transforms the way users communicate effectively and securely with a single workflow application. Forging a new path in the industry, Symphony is designed to help individuals, teams and organizations of all sizes improve productivity, while meeting complex data security and regulatory compliance needs. Symphony was founded in October 2014 and is headquartered in Palo Alto, CA, with offices in New York, Hong Kong, Singapore, Tokyo, Stockholm, Sophia-Antipolis and London.   Symphony has raised roughly $300 million from the world’s largest financial institutions and recognized investors such as Bank of America - Merrill Lynch, Barclays, BNP Paribas, Citibank, Goldman Sachs, JP Morgan Chase, BlackRock, Credit Suisse, Deutsche Bank, HSBC, Wells Fargo, UBS, Société Générale as well as Google. We’re looking for top-notch talent to join our team to help us change the way the world communicates. If you have the skills and savvy to work with a world-class team and an appetite for game-changing disruption, we want to hear from you!   BENEFITS AND PERKS*: Medical, dental, and vision coverage 401(K) plan Life and AD&D coverage Short-term and long-term disability coverage Employee assistance program Flexible spending account benefits Unlimited vacation and sick time Fully stocked kitchen and catered or reimbursed lunches Discounted gym memberships Many other fun and exciting benefits and activities! COMPENSATION: Competitive salary Bonus Plan Equity  *Benefits and Perks vary based on location. Symphony reserves the right of ownership for all unsolicited resumes submitted for this requisition and is not responsible for any fees associated with unsolicited resumes. Symphony is an Equal Opportunity Employer. Symphony participates in E-Verify.  Any offer of employment is conditioned upon the completion of an I-9 form and submission of the appropriate documents for identity and work authorization.

Technical Project Manager, Security will work with cross functional teams to lead complex technical security projects that ensure the protection of data, assets, and employees. WHAT YOU’LL DO: Own the lifecycle of technical security projects Coordinate with cross functional teams, and vendors to define and manage project scope, schedule, and overall plans Collaborate with operations, engineering, security, and other internal teams to identify, understand, and address their needs with technical security solutions Maintain documentation throughout project lifecycle and prepare reports for security leadership and other key stakeholders WHAT WE ARE LOOKING FOR: Bachelor's degree or equivalent experience in a related field (project management, information security, etc.) 3+ years of project management experience in a corporate or startup environment with technology background Security or project management certifications (i.e. CISSP, PMP) certifications preferred Proven ability to work creatively and analytically in a high growth fast paced environment preferred Highly organized, with solid time management skills and acute attention to detail preferred WHO WE ARE: Ripple provides one frictionless experience to send money globally using the power of blockchain. By joining Ripple’s growing, global network, financial institutions can process their customers’ payments anywhere in the world instantly, reliably and cost-effectively. Banks and payment providers can use the digital asset XRP to further reduce their costs and access new markets. With offices in San Francisco, New York, London, Sydney, Mumbai, Singapore and Luxembourg, Ripple has more than 100 customers around the world. Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.

At Plaid, we believe that the way consumers and businesses interact with their finances will drastically improve in the next few years. Our goal is to build the tools and infrastructure for developers to create this next generation of financial services applications. Today, hundreds of companies such as Robinhood, Stripe, and Venmo rely on Plaid to integrate with banks and the financial system.   With this work comes the crucial responsibility of protecting our developers and their end-users from malicious actors. We were the first to release account number tokenization through our partnership with Stripe, first to create end-to-end tokenization of consumer financial data, and first to write the spec that several Fortune 50 banks are now implementing to permission consumer and business financial data. At Plaid, security is a critical part of everything that we do, not just something to be scared of. What excites you Implementing tools for security monitoring, audit trail collection, event correlation, fraud mitigation and related security needs Triaging and patching vulnerabilities across Plaid's cloud instances Providing education and guidance on security topics across the Plaid team Working with DevOps to ensure that environments are consistent with security controls Handling various security processes and applications including scanning, host inventorying and code inspection tools Managing VPN, firewall, SSO/federated identity and other critical operational infrastructure Working in conjunction with Techops to manage security related MDM activities including endpoint patch management and auditing Being responsible for external messaging of security processes and systems, and keeping up-to-date with industry developments What excites us Ability to code and script to automate common activities and effectively implement various security tools Experience with log aggregation and correlation tools Experience evaluating and rolling out security related patches and configuration changes Experience managing VPN devices and configurations Experience working with SSO/federated identity solutions Experience handling security events as they happen Bonus Production software engineering experience and mastery of at least one language Experience doing security operations in a cloud environment, particularly AWS Experience communicating security policies to 3rd parties in compliance and security review settings Incident Response experience We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Digital Reasoning is seeking a Security Engineer for our Infrastructure Operations team. We're looking for a bright, ambitious, and highly capable person to drive the information security initiatives across our fast-paced organization and work with advanced technologies. What you’d be responsible for Perform daily system monitoring, verifying the integrity and availability of all systems and key processes, reviewing system and application logs for security related events. Utilize and configure infrastructure monitoring and reporting tools. Develops and manages security policy and procedure for business units across the enterprise to prevent malicious attacks from compromising company systems and information. Management of automated and human Penetration Testing and Vulnerability Scanning cadence, including enforcement of remediation of findings with Product Management Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines). Responsible for the configuration and management of antivirus, IDS/IPS,reputation, system integrity monitoring, and for the tracking and monitoring of software virus and malware incidents. Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls. Maintains and monitors the company’s firewall and ensures utilization of encryption methods. Provide input into, and regular updates on, RFP responses and customer-facing architecture and security collateral Provides direct support to the business and IT staff for security-related issues. Educates IT and the business about security policies and consults on security issues regarding user built/managed systems. Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues. Current technology stack includes OSX, Linux, AWS, Cisco/Meraki, Hadoop, ElasticSearch Python, Django, MySQL, Angular, Git Performs other related duties as assigned.   Traits we’d love to see HIPAA and HiTRUST experience Ability to work on multiple tasks, prioritizing and organizing these tasks to maximize productivity Self-starter with strong communication skills Ability to work independently as well as in a team Eagerness to tackle problems outside your core competencies and learn new technologies as required BS or MS in Computer Science, Information Systems or demonstrated industry hands-on experience Minimum 5 years of hands on security experience Experience in securing server and network environments for modern web applications and services Experience with Linux servers in virtualized environments Knowledge of common information security management frameworks Strong background in security operations, processes, solutions and technologies Strong understanding of policy, compliance, and best practice security principles Familiarity with docker or other containerization technologies Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy Experience with enterprise risk assessment methodologies Knowledge of security domains such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Centralized Security Event Logging, Advanced Threat Protection, Forensics tools, End Point Security Clients. Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks. CISSP, GPEN, CEH or other relevant Information Security certifications are a plus

As a Principal Security Engineer at Kensho, you are a thoughtful, collaborative, and dynamic technologist who loves ensuring security across a number of systems and web applications. You think deeply about the implications, relationships, edge cases, and failure modes, and you are passionate about correctness, security, and writing the next thing, so you aren't spending time maintaining older projects.   Are you a prolific, intellectually curious technologist who appreciates code, math, and security? We are on a mission to clarify complex data through scientific, statistical, analytical, computational, and inspired study. By transforming the data, we are able to bring transparency to some of the most important issues on the planet. You will be joining a team of veterans from Google, Twitter, and Facebook, as well as academia. What You'll Do: Evaluate and strengthen Kensho’s security systems and processes across all products and teams by building a scalable process to ensure the security feedback loop is strong Write, monitor, and triage security tests and test infrastructure Directly interface with customer infosec teams, lawyers, external security researchers as well as internal partners to ensure that Kensho maintains a best-in-class security envelope Cultivate full team participation in high quality, thoughtful, secure software What We Look For: Deep experience securing modern web applications and distributed data infrastructure in a cross-team setting Willingness to find and fix vulnerabilities in both our own software and 3rd party dependencies Experience with penetration testing and industry-standard cryptography Expertise in automated and scalable testing, automation, and continuous integration frameworks Desire to build a strong, operationally-minded engineering culture through effective and thoughtful coding, documentation, and collaborative approach as a code reviewer and teammate How to Really Get Our Attention: Security engineer experience at a top 10 software company Participation and awards at security capture-the-flag competitions Open source project contributions showing innovation and initiative Hedge fund or major financial institution trading experience Relevant research, publications, and patents Technologies We Like: Python, Linux, Docker, Kubernetes, Calico, Git, Jenkins, Sentry, Cypress Perks: Medical, Dental, and Vision insurance with 100% premium covered Unlimited vacation days Paid Parental Leave 401(k) plan with employer match Free snacks and drinks Dog-friendly office Cardio machines and weights in the office Hubway (bike sharing program) membership

Join Upstart as our  Information Security Architect , where you will bring security controls into our cloud infrastructure. Reporting to the Head of information Security, you will set up security incident and event management within Upstart. You’ll play a key role in ensuring security controls through design and architecture in our infrastructure, creating protocols for how we restrict access and data to specific users, and identifying and rectifying cases in which our infrastructure and data processing applications/databases isn’t secure or secure enough. You will also be a thought leader and represent Upstart at security conferences and events. As one of the first members of this team, you will also have an opportunity for growth into management. Here is more about what you’ll be doing: Managing security compliance in all infrastructure-related projects including mapping Technology compliance into our infrastructure Partnering with engineering and dev-ops to provide security guidance in managing secure networking, securing IT assets and defining requirements for our Devops Team  Building out Upstart’s future through infrastructure by creating AWS-based security controls from scratch using a variety of AWS tools Set up a regular vulnerability scanning tools and manage remediation of identified issues Conducting infrastructure security audits, penetration tests, and periodic access reviews to applications and infrastructure Owning security controls relating to application access and data encryption Leading vulnerability management and incident management procedures Keeping abreast on all compliance/regulatory news and information in fintech to ensure Upstart is at the forefront of changes in the industry Actively participating in open source forums (e.g OWASP) and cloud infrastructure conferences Requirements: 5+ years of experience in information security, preferably with experience in enabling security incident and event management 3+ years of experience in a leadership role Certification in IT or cybersecurity (e.g. CISSP or CISM) will strengthen consideration Experience working in high-security/high-compliance environments, Maintain compliance requirements with international standards such as (SOX, SOC2 and ISO27001) Experience setting up and working with AWS Inspector, Kinesis - Lambda based security response, Macie, Gaurd Duty, Config and Config rules Experience setting up and working in security operations Ability to define high-level strategy for security/compliance monitoring and risk mitigation Strong written and verbal communication skills

Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Staff Security Engineer is to own and lead Credit Karma's Security initiatives. What will you do? Document and implement security zoning best practices. Partner with Network, Platform, and Dev teams to design security-centric architectures and frameworks. Review third-party and partner integrations to ensure compliance with security best practices. Develop Identity and Access Management standards and enforce best practices. Drive security and support initiatives as subject matter expert. Drive security at scale, focusing on automation and process improvement. Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack. Serve as an escalation point in responding to security incidents and investigations. What’s great about it? Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe. Work alongside a highly motivated, helpful and collaborative team. Have the autonomy to achieve results without micromanagement. Solving frontier security problems at scale in a highly technology-focused team. Spending zero minutes convincing anyone why security is important - we all understand that very well already! What do we expect? Balance of high-level architecture and design principles and strong technical know-how. Experience working in a fast-paced, dynamic yet mature engineering environment. Effective cross-functional communication and ability to achieve results. Confident articulating complex technical content to Senior Management and business partners. Self-starting attitude and fearless ascent up the learning curve. Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change. A fun and positive attitude!

Credit Karma's mission is to make financial progress possible for everyone. We have over 80 million US members and are now taking aim internationally. In just 12 months from launch, we’ve grown Credit Karma Canada to be the #1 destination for free credit scores and reports, and we’re just getting started. Your role will be to our international growth efforts in Canada and globally beyond. We’re looking for a leader to take charge of driving execution and high performing operations for all of our international product and engineering teams. You will drive key decisions along the way that will impact our entire International team. We are operating as a well funded and supported “startup” within Credit Karma with enormous opportunity to move fast and have high impact. The Technical Program Manager Lead will work directly with the VP, International and be a critical leader for the cross-functional teams and the overall Credit Karma International roadmap, including existing country products and new market entry. The role will start as a hands-on individual contributor and quickly scale to be a manager role. This position will be based in San Francisco, but may require frequent travel. What you'll do: Lead on technical program management for entire Canada product roadmap, including: Scoping and setting near- and long-term goals and OKRs. Driving on-time delivery of every product launch. Identifying any risks or blockers along with solutions to get back on track. Lead on go-to-market planning for all new markets, including: Leading the complex, cross-functional efforts to launch, ensuring timely and successful execution. Hands-on responsibilities during and through launch to ensure success of newly formed country teams, especially through first 6 months of operations. Deep involvement of hiring and crafting team culture for new product and engineering teams. Directly handle third-party platform relationships, for example, for Localization Craft and run critical team infrastructure for all markets, building off of core Credit Karma systems and methodologies that exist. These areas include: Culture building for each country’s product and engineering team as well as the International team overall. Metrics & reporting infrastructure so that the International Analytics team can achieve maximum scale and impact. Communications channels from the our team out to the rest of Credit Karma. Cross-pollination of information on product roadmaps, experiment results, and other lessons learned between the broader company and our team. Build the operating models for each of our Country teams and our broader International team partner successfully with other teams such as Security, Infrastructure & Platform, Legal & Compliance, Member Support, etc. Be the first of what will be a growing team of Technical Program Managers for International, including the opportunity to directly hire and develop this team over time. What's phenomenal about it: You’ll build something that has the potential to positively affect millions of people around the world The work you do will have significant impact and visibility across Credit Karma This role brings the best of both worlds: the experience of growing early-stage products and businesses with the support of a successful later-stage internet company Credit Karma is an equal opportunity employer, and we highly encourage people of all backgrounds to apply; This is especially true on our International team where each of us should have empathy for members, partners and colleagues of diverse backgrounds What we expect: Interest and excitement in our mission of enabling financial progress, especially internationally 8+ years of related experience, including technical program management, operations, engineering or product management Track record of success in driving wholly new, large scale product launch plans Deep understanding of program management methodologies with prove ability to adapt to unique team needs and objectives Ability to critically observe operational results (both good and bad) to make independent recommendations and decisions about how to improve Ability to create a shared team culture and get results directly or indirectly, especially across diverse cross-functional teams Professional experience leading projects across multiple remote locations, ideally internationally Experience working hands-on with product and engineering teams in both smaller startup and large company environments High level of proficiency in technical understanding and working directly with engineers to anticipate operational risks and tackle problems Ideally experience managing teams directly Bachelor’s degree from a top university required; Master’s degree is preferred

Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Security Engineer is to develop detection and protection controls as well as build content that will feed automated actions and infrastructure changes. What You'll Do Deploy and maintain security solutions that will prevent and detect attacks against CK's infrastructure Develop content and tune alerting for important events. Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack. Partner with incident responders to automate repetitive actions. Build and monitor integrations between security solutions and ensure the completeness and accuracy of ingested data.  What's Great About it Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe. Solving frontier security problems at scale in a highly technology-focused team. Spending zero minutes convincing anyone why security is important - we all understand that very well already! What We Expect Solid grasp of system, network and security fundamentals Strong scripting or relevant programming skills for automating repetitive tasks. Experience working in (or closely with) a Security Operations Center. Experience creating detection content and writing correlation rules Expertise configuring and administering at last one vulnerability management solution. Expertise configuring and administering security automation and orchestration platforms Self-starting attitude and fearless ascent up the learning curve. Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change. A fun and positive attitude!

Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as a Senior Staff Security Engineer is to own and lead Credit Karma's cloud security initiatives. What You'll Do Partner with Network, Platform, and Dev teams to design security-centric cloud architectures and frameworks. Drive cloud security and support initiatives as subject matter expert. Develop Identity and Access Management standards and enforce best practices for the public and private cloud. Drive security at scale, focusing on automation and process improvement. Identify opportunities for implementing additional technology controls to create more visibility or defend key points of attack. What's Great About It Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe. Work alongside a highly motivated, helpful and collaborative team. Have the autonomy to achieve results without micromanagement. Solving frontier security problems at scale in a highly technology-focused team. Spending zero minutes convincing anyone why security is important - we all understand that very well already! What We Expect Balance of high-level architecture and design principles and strong technical know-how. Effective cross-functional communication and ability to achieve results. Solid grasp of cloud security solutions, both native and 3rd party. Experience leading cloud workload security initiatives in an enterprise-scale, mixed-vendor environment. Proven track record in architecting secure IaaS, PaaS and SaaS frameworks in both public and private cloud environments. Confident articulating complex technical content to Senior Management and business partners. Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.