Jobs /

Security Engineer, Application Security

Affirm

Apply Now

Job Details

Location: New York, NY, USA Posted: Jul 28, 2019

Job Description

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural in Affirm, enabling the company to succeed in building honest financial products. The Security team posture increases security and reduces risk while securely enabling access to information for those who need it.

What You'll Do

    • Develop application security and product best practices to standardize security practices.
    • Provide security design review and code reviews to the organization to ensure the product features meet security requirement and best practices.
    • Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements and concerns.
    • Serve as subject matter expert for static and dynamic analysis security tools.
    • Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines.
    • Interpret security tools findings, 3rd penetration testing results, and bug bounty program submissions.
    • Provide vulnerability remediation guidance and mentoring to product development software engineers.
    • Develop company-wide security projects and processes to discover security defects in source code, dependencies, and/or other artifacts.
    • Develop and improve documentations on security processes and procedures.
    • Build metrics to track security defects and automate the collection of security information to derive metrics.
    • Enable automation of product security testing and find innovative ways to scale the security team.
    • Evaluation of new technologies, tools, and/or development techniques that impact security.

What We Look For

    • Team player, high work ethics, attention to details is a must.
    • Ability to communicate effectively with business representatives in explaining security topics clearly and where necessary, in layman's terms.
    • Experience with Cloud and virtualized technology in environments such as AWS or GCP.
    • Ability to efficiently communicated security to any audience, such as explaining vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25 and discuss effective defensive techniques and countermeasures to both business and engineering staff.
    • Deep understanding of network protocols such as HTTP and SSL/TLS.
    • Familiar with means to defend modern Web applications and APIsFamiliarity with dynamic and static analysis tools and ability to interpret dynamic/static analysis tools, and penetration test results and describe issues and fixes to non-security experts.
    • Familiarity with common reconnaissance, exploitation, and post-exploitation frameworks.
    • Deep understanding of continuous integration / continuous deployment processes and tools.
    • Ability to automate tasks using a scripting language (Python, Shell, etc).
    • Ability to program in Python, experience with Javascript is a plus.
    • Security certification such as CISSP, OSCP is a plus.
    • BA/BS degree in a related field or equivalent experience is a plus.
At Affirm, "People Come First" is a core value and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can learn more about our D&I efforts here. Apply for this job

About Affirm

Our mission is to deliver honest financial products that improve lives. Affirm offers services that empower consumers to advance their financial well-being. Our goal is to revolutionize the banking industry to be more accountable and accessible to consumers. Today, Affirm shoppers get the flexibility to buy now and make simple monthly payments for their purchases. Unlike payment options that have compounding interest and penalty fees, Affirm shows customers exactly what they’ll owe up front — with no fine print and no surprises. Affirm also reaches a broader population of consumers through advanced technology and analytics that look beyond traditional FICO scores.

View Website

Get More Interviews for This and Many Other Jobs

Huntr helps you instantly craft tailored resumes and cover letters, fill out application forms with a single click, effortlessly keep your job hunt organized, and much more.

Sign Up for Free