Bread is a technology company that aims to transform the world of paper credit card applications and hidden interest rates by providing leading point-of-sale financing options for merchants across the e-commerce journey. We build tools, technologies and APIs that allow merchants to integrate an installment loan financing and checkout experience anywhere in their customers’ shopping journey. Bread was started in 2014 by financial technology veterans, and has experienced explosive growth to date. We’re backed by top investors including Menlo Ventures, Bessemer Venture Partners, Kinnevik, among others.

We are seeking a Staff Security Engineer who will help lead the evolution of security at Bread. This role will be a part of our Infrastructure team, which builds and owns the infrastructure platform that all of Bread’s products run on top of. They enable Bread to have a fault tolerant, scalable, and knowable infrastructure on top of AWS that we can deploy our suite of products onto. This team embraces “devops” and is helping usher Bread into using kubernetes in production in 2020.

The ideal candidate will be able to take ownership of a variety of areas in our security practices and lead us forward. This is a chance to have a major impact on the direction of a company and be a part of building tech from the ground up.

Your Role at Bread

• Partner with our compliance, devops, risk and legal teams to meet all compliance requirements
• Design and implement processes to address security vulnerabilities
• Assist with yearly audit reviews
• Maintain and expand on our existing security tooling (IDS, audit logs, SEIM, WAF, and Access Control)
• Conduct penetration tests and vulnerability scans
• Advise teams on cloud security best practices
• Respond to and troubleshoot relevant security incidents within our infrastructure.
• Collaborate with Devops on Disaster Recovery strategies

Requirements

• Comfortable handling security regulations (PCI, SOX, and GDPR)
• Deep understanding of network, application, and infrastructure security
• Experience designing secure web services and microservice architectures
• Strong experience with Incidence Response, Vulnerabilities Management, and Threat management
• Hands on experience with web application pentesting
• Experience deploying security solutions within cloud environments (AWS).
• Knowledgeable with Kubernetes

Engineers at Bread also get the opportunity to participate in “20%” time through Working Groups!  Working Groups are quarterly teams of 4 to 6 engineers who set out to tackle a specific engineering initiative outside of their core engineering team.  Working Groups have included ones for Logging Architecture, Internal Authentication, Community & Blogs, Testing Infrastructure, and Monitoring. Groups meet every Friday to plan and own their roadmap and implement their features. All engineers get a chance to be in one of these groups and over time potentially lead a group for that quarter. It's another opportunity as an engineer at Bread to have impact across the entire organization!