Staff Software Engineer, Security

| Greater NYC Area
Sorry, this job was removed at 12:24 p.m. (EST) on Thursday, April 16, 2020
Find out who's hiring in Greater NYC Area.
See all Cybersecurity + IT jobs in Greater NYC Area
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

Affirm values information security as a critical part of the company’s continued success. Your unique mission as a security team member is to identify potential weaknesses and vulnerabilities in the foundational infrastructure, SDLC, and strategically reinforce them, enabling other teams to focus on building honest financial products.

What You'll Do

  • Deliver production-level, data-intensive applications and interfaces for tracking and reporting on the security posture of organizational systems and software.
  • Design and implement systems and processes to ensure timely updates of system software.
  • Assess security of existing systems and processes, identify vulnerabilities and risks, propose and execute initiatives to address them.
  • Coach engineering teams in security best practices.
  • Evaluate the security of web applications and application authentication and authorization processes.
  • Consume threat intelligence sources and perform vulnerability analyses.
  • Serve as a subject matter expert for static and dynamic analysis security tools.
  • Work with DevOps engineers to integrate static and dynamic analysis security tools into Affirm processes.
  • Provide security design review and code reviews to the organization to ensure the product features meet security requirements and best practices. 
  • Develop company-wide security projects and processes to discover security defects in source code, dependencies, and/or other artifacts.
  • Provide vulnerability remediation guidance and mentoring to product development software engineers.
  • Identify opportunities for implementing technology-based controls to create improved visibility and defense.
  • Interface with peer departments within Security, and serve as an internal point of contact for all infrastructure security-related decisions, partnering with IT, Platform Engineering, Product and Business Development teams.
  • Build positive, productive relationships with business and technology leadership.

What We Look For

  • 10+ years of software development experience in multiple programming languages.
  • Experience with modern software deployment techniques, including Continuous Integration, Continuous Deployment, and container orchestration.
  • Experience with Cloud and virtualized technology in environments such as AWS or GCP.
  • Hands on experience developing applications using distributed, event-based messaging systems is a plus. 
  • Team player, high work ethics, and attention to detail is a must.
  • Ability to communicate effectively with business representatives in explaining security topics clearly and where necessary, in layman's terms.
  • Demonstrated problem-solving skills and analytical mindset.
  • Ability to effectively communicate security to any audience, such as explaining vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25 and discuss effective defensive techniques and countermeasures to both business and engineering staff.
  • Deep understanding of network protocols such as HTTP and SSL/TLS.
  • Familiar with means to defend modern Web applications and APIs.
  • Knowledge of Splunk, ElasticSearch, Sumologic is desired.
  • Experience with a SIEM or Log Management System is desired.
  • Excellent written and spoken communication skills.
  • BA/BS degree in a related field or equivalent experience is required.

If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in Affirm's mission and can contribute to our team in a variety of ways – not just candidates who check all the boxes.

At Affirm, "People Come First" is a core value and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can learn more about our D&I efforts here.

By clicking "Apply for this job," I acknowledge that I have read the Affirm Employment Privacy Policy, and hereby consent to the collection, processing, use, and storage of my personal information as described therein.

Read Full Job Description
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

Location

Affirm is a remote-first company! Our brick and mortar offices remain operational and accessible for anyone to use on a voluntary basis.

Similar Jobs

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about AffirmFind similar jobs