Senior Product Security Engineer

Remote Posted 13 days ago
Main Location
San Francisco, CA, United States

About Good Money 

Good Money is the world’s first digital banking platform where we make every customer an owner and allocate 50% of our profits to social and environmental impact.

Good Money is a conscious banking platform providing best-in-class mobile banking and financial services while democratizing ownership to its customers for the first time in history. The combination of an activist brand with D2C experience at scale positions Good Money to be a leader in the historic disruption of banking. The company is led by world-class founders who have built billion dollar+ companies with marketing experience and relationships that can bring tens-of-millions of users into the ecosystem quickly.

We have the support of top investors including Breyer Capital (Facebook), Blocktower, Boost (Draper), Ken Howery (Founders Fund and PayPal co-founder), BlockChange, Cross Culture (Marlon Nichols), Struck Capital, Gil Penchina, Mitch Kapor, Peter Diamandis (X Prize), Justin Rosenstein (Asana and Facebook “Like” button), and many others.

Role Summary 

We’re hiring a Senior Product Security Engineer as we prep to launch into market. Our Security team will have a unique cross-organizational lens into our company, starting with our mobile apps, then our website, our cloud infrastructure, and all we do. 

We’re looking for a senior security engineer who can lead and implement a successful security program. As a key node of the security team, this role will help define, build, and maintain a suite of tools and programs that keep our data safe and secure across the enterprise.  

You’ll work hand-in-hand with product managers along with our engineering team. You’ll help ensure we are developing code in a stable way, and run scanners on our code to proactively identify problems before they hatch. Full role details and responsibilities are listed below.

It’s the right role for engineers who:

  • Have lived through the starting or growth phase of a fintech or digital banking product
  • Want to hop in on the ground floor of a product
  • Want to grow their leadership and management skills by taking greater ownership over building a security program 

Your functional areas of impact and experience:

  • Vulnerability Management
  • Data Protection and Privacy
  • Risk Management
  • Third Party Risk
  • Access Control
  • Incident Management
  • Education, Training and Awareness
  • Application Logging and Monitoring
  • Business Continuity and Data Recovery

Perks

  • A freedom and responsibility culture; space to be you and live your life
  • Remote-first culture with location flexibility as long as you have strong wifi and feel alive
  • Fully-stocked San Francisco HQ and LA sister office with space for quiet, deep work and team collaboration
  • Support to help build out your remote home office 
  • Premium health/dental/vision coverage nationwide 
  • Open, encouraged, and unlimited PTO 
  • All the equipment you need to get things done 

Hiring Philosophy & Process

Look, we know job searching is hard, time-consuming, and stressful. We aim to let you know everything we can, when we can. We want to make sure you have all the time you need to learn more about us. We also want to have the time we need to learn more about you. Once we surpass the threshold, we want to move forward. 

As an early hire, the more hats you can wear the easier it is for us to hire you. Especially if you're the self-directed type that makes smart decisions on your own and doesn't need a ton of guidance.

Anticipated Process for Top Candidates during August: 

  • Drop your application with us here 
  • Zoom interviews with People Ops and Engineering 
  • Regular check ins to see if the role is still right for you 
  • Reference checks, negotiation, and offer.

 


Role in Detail 

Responsibilities:

  • Perform susceptibility/vulnerability scans, manage the resolution of threats, and conduct systems testing to ensure that critical vulnerabilities are identified.
  • Serve as technical security resource for large complex projects that involve cross-functional teams and solutions.
  • Assess Software as a Service (SaaS) products for security compliance.
  • Conduct periodic user access control verifications.
  • Assist with client risk assessments, vendor due diligence, and compliance audits.
  • Help establish security on devices such as network switches, firewalls, containers, data loss prevention systems, intrusion detection and prevention systems.
  • Help develop and maintain dynamic web application security testing and static code analysis initiatives, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
  • Management of operations automation tooling (CI/CD, Terraform, etc.)
  • Develop and maintain endpoint asset management service to ensure security and compliance standards
  • Develop and maintain tools to support centralized role-based user access (SSO, SAML)
  • Research new technologies and products for their applicability to business processes.

Skills that will help you succeed: 

  • Experience in the area of information/cyber security engineering or operations, including hands-on experience with security tools and devices such as network firewalls, web proxies, IDPS, vulnerability scanners, and penetration testing tools.
  • Experience in maintaining and implementing security controls and securing enterprise-wide systems, applications, network, and infrastructure services.
  • Experience working with design and implementation of cloud based systems and applications - Amazon Web Services (AWS), Google Cloud Platform (GCP).
  • Experience with implementation of vulnerability remediation strategies, configuration and execution of vulnerability and web application scans, and automation of server configuration for security including logging, key changes, and system hardening.
  • An in-depth knowledge of Linux and containerized (Kubernetes) server platforms, system patching and remediation.
  • Familiarity with FinTech compliance, audit, and privacy standards and controls such as FFIEC, SOX, PCI-DSS, SSAE (SOC), and GDPR.
  • Strong technical skills and the ability to analyze information and evaluate results to choose the best solution and solve problems.