Staff Application Security Engineer at Better (Remote)
Founded in 2016, Better is a digital-first homeownership company whose services included mortgage, real estate, title, and homeowners insurance. We leverage creative technology and innovation to make the homebuying journey more approachable and understandable. Here are some interesting facts to help you get to know Better:
- From its founding in 2016 through 2020, Better funded $30.9B in home loans and provided over $7B in cumulative coverage through Better Cover and Better Settlement Services, the insurance divisions of Better
- Ranked #1 on LinkedIn’s Top Startups List for 2020 and 2021
- Ranked #2 on Fortune's Best Companies for Millennials 2021
- Fortune Best Workplaces for Women 2021
- People Magazine Companies that Care 2021
- Inc Magazine's Best Workplaces 2021
- Top Women Originators 2021
- Our Founder and CEO was named in Comparably's Top 25 CEOs for Diversity
- Better has raised over $400M in equity capital since inception
Our company is made up of driven, passionate people who bring their unique backgrounds and perspectives to everything we do. We are committed to fostering diversity, multiculturalism, and inclusion. We encourage individual potential rather than years of experience. We see the value in each person’s perspective, and recognize their talents, regardless of what the market says. We believe it’s important to nurture a company culture that encourages curiosity and passion—from employee resource groups and learning opportunities to team outings and community outreach.
Better is a family of companies. Better Mortgage Corporation provides home loans; Better Real Estate, LLC provides real estate services; Better Cover, LLC provides homeowners insurance policies; and Better Settlement Services provides title insurance services.
As a member of the Trust Engineering team, you will focus on revealing potential weaknesses and coming up with creative solutions to eliminate entire classes of vulnerabilities, by creating libraries, tools and practices. You will do this by performing code reviews during development, threat modelling during design reviews, and performing security assessments of our live applications. In short, your role will be to build partnerships with other engineering teams, to enable our developers to ship features securely throughout all phases of the SDLC.
We’re looking for individuals with a strong background and interest in securing systems and infrastructure at scale, comfortable in dealing with lots of moving pieces, with a keen eye towards detail, and comfortable learning new technologies. We’re looking for someone to help scale the company with incredible people across the board. Building world-class financial services requires world-class security.
Responsibilities
- Contributing security-focused feedback to engineers during all phases of the development lifecycle.
- Working with other senior technical leaders in Engineering and InfoSec to develop a long-term strategy for a strong overall security posture.
- Participating in and supporting application security reviews and threat modeling, as well as the development of these processes themselves.
- Communicating risks to engineers through training and technical demonstration of vulnerabilities and secure design patterns.
- Deploying, fine-tuning, and automating processes by developing tooling to mitigate application level threats to Better at scale.
- Collaborating with other engineering teams to drive remediation of security vulnerabilities, while balancing prioritization of security issues within SLAs and teams’ respective product backlogs.
- Providing ongoing knowledge transfer and training of secure coding best practices, illustrating how any recent findings introduce risk to Better.
- Serving as a subject matter expert with the development team through the software engineering process, including but not limited to security reviews/remediation pertaining to the stage of the SDLC.
- Maintaining current knowledge of emerging security threats that could impact Better.
- This role is designated as ‘Flex Mode,’ and is not a fully remote position. The number of days in office will vary based on role requirements. As such, employees must be located within commuting distance of the office and provide proof of COVID-19 vaccination.
- Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
- 5+ years experience in security testing of web applications and native apps
- Expertise in common security libraries, security controls, and common security flaws.
- Expertise in SaaS architecture on AWS
- Coding or scripting experience and skills to contribute to the development and improvement of tooling.
- Experience using web application vulnerability scanning tools (Burp Pro, ZAP) and with manual web application testing.
- General understanding of security standards such as PCI, NYDFS, NIST etc.
- Working knowledge of OWASP Top 10.
Better is requiring all US employees to be fully vaccinated in order to go into the office. Our priority is first and foremost the safety of our employees and we require COVID-19 vaccination to help ensure their safety in the workplace. Please note that Better will offer a reasonable accommodation process for employees who are not vaccinated for medical or religious reasons.
The Better mission is rooted in values that drive us.
- We do what’s in the best interest of the consumer, not ourselves
- We have growth mindsets, not fixed ones
- We believe that success lies in execution, not credentials
- We act like owners, not just employees
- We work to find answers on our own, not wait for them to be given to us
- We optimize for mission, not ego
Our mission speaks for itself—we continue to outpace the industry at every turn. We’ve joined forces in partnership with Ally Bank, and our backers have helped build some of the most transformative tech and finance companies in history. Kleiner Perkins, Goldman Sachs, American Express, Citigroup, Activant Capital, Ally Bank, and others have invested in our vision for what homeownership can be.
Better Benefits & Compensation
Our total rewards package consists of base salary, equity, benefits, and opportunity for yearly cash bonus. Some of our benefits include:
- Comprehensive healthcare, retirement, and voluntary benefits. Think medical, dental, vision, savings accounts, 401k, and more.
- Personalized care and tools for realizing your mental health and wellness goals
- Robust wellbeing offerings that allow you unlimited access to virtual fitness, meditation, yoga, cooking classes, homeschooling preparedness, physical therapy, and more.
- Unlimited time off (with manager approval)
- 12 weeks of paid parental leave after 90 days of employment, and 20 weeks after 24 months of service.
- Inclusive fertility benefits for you or your eligible dependents, regardless of participation in a Better medical plan.
Better is an equal opportunity employer. We do not discriminate on the basis of race, color, religion or religious creed, sexual orientation, gender, gender identity, marital status, family or parental status, disability, military or veteran status, or any other basis protected by law. If you require further accommodations or have questions regarding accessibility of our roles, please reach out to [email protected]. All employment decisions at Better are based on a person’s merit, business needs, and role requirements.
California Consumer Privacy Rights Notice for Job Applicants
Under the California Consumer Privacy Act (CCPA), Better is required to inform California residents who are our job applicants or prospective talent (together "job applicants") about the categories of personal information we collect about you and the purposes for which we will use this information. The notice contains disclosures required by the CCPA and applies only to personal information that is subject to the CCPA.