Security Engineer, Application Security at Stash
Want to help everyday Americans invest and build wealth? Financial inequality is increasing, and too many people are getting left behind. At Stash, we are passionate about democratizing wealth creation through education, advice, and products that help customers achieve greater financial freedom.
We are looking for Security Engineers to join us and help protect our rapidly expanding web and mobile investment platform. As a Security Engineer, you’ll be a part of the team that identifies and architects solutions that will protect Stash customers, employees, and our product from threats. You will use your creativity and passion for security to create the most secure environment possible at Stash.
We have a number of open roles and are looking for team members with experience in one or more of the following areas: infrastructure and cloud security, data security, application security, trust and safety (customer security), and IT security.What you’ll do:
- Design and create security controls for Stash including defining security requirements, design, and driving implementation
- Identify and analyze security vulnerabilities, and engineer, scalable solutions that systematically address them in the environment
- Collaborate with Engineering and Product teams on security
- Perform security reviews, threat modeling, and assessments on our environment
- Balance our security risks and business requirements by clearly communicating risks to both technical and non-technical audiences
- Utilize your security expertise to respond to any internal security engineering questions / requests
- Experience securing the Software Development Lifecycle (SDLC) including DevSecOps, web and mobile application security, source code scanning, and secret management.
- Proven Security Engineering experience having designed, planned, and implemented security controls
- A passion for in designing security solutions that will make a difference for millions of Stash customers
- Excellent communication and presentation skills, and ability to work cross functionally with stakeholders
- Prior experience in web / mobile / application development , (DevOps) and / or IT background
- Experience automating tasks through the use of scripting languages such as Python or, Bash
- Experience with conducting security reviews / assessments / threat models and development of remediation plans
- Understanding of public cloud service providers (Amazon Web Services), Containers (Docker / Kubernetes), and development tools such as Git, and CI/CD pipelines
- Understanding of risk management practices
- Understanding of compliance and regulatory requirements i.e. PCI-DSS, GDPR, SOX
- Understanding of Agile, and project management methodologies and tools i.e. JIRA
At Stash it is our mission to help everyday Americans invest and build wealth. That includes people of all races, genders, and abilities, so it is important to us to acknowledge and address the issues of inequality in financial services head on.
Diversity and inclusion are essential to living our values, promoting innovation, and building the best products. Our success is directly related to our employees and we believe that our team should reflect the diversity of the customers that we serve. As an Equal Opportunity Employer, Stash is committed to building an inclusive environment for people of all backgrounds.
If you require any reasonable accommodations to make your application process more accessible please reach out to [email protected].
Invest in Yourself:
- Equity & Stash Accounts [Invest, Retire, Custodial, Bank]
- Flexible PTO
- Learning & Development Fund
- Work from Home Stipends
- Parental Leave [Primary & Secondary]
- BuiltIn’s Best Places to Work (2019, 2020, 2021)
- Forbes Fintech 50 (2019, 2020, 2021)
- Best Digital Bank, Finovate Awards (2020)
- Tearsheet Challenge Awards, Best Banking Card Product - Stock-Back® Card, 2020
- LendIt Fintech Innovator of the Year (2019 & 2020)
**No recruiters, please**
This position may be performed remotely anywhere within the United States except the State of Colorado.