Security Engineer, Application Security
Affirm, San Francisco, CA
Affirm: Delivering Honest Financial Products
What You'll Do
- Develop application security and product best practices to standardize security practices.
- Provide security design reviews and code reviews to the organization to ensure that product features meet security requirements and best practices.
- Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements and concerns.
- Serve as subject matter expert for static and dynamic analysis security tools.
- Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines.
- Interpret security tool findings, third-party penetration testing results, and bug bounty program submissions.
- Provide vulnerability remediation guidance and mentoring to product development software engineers.
- Develop company-wide security projects and processes to discover security defects in source code, dependencies, and/or other artifacts.
- Develop and improve documentation on security processes and procedures.
- Build metrics to track security defects and automate the collection of security information to derive metrics.
- Enable automation of product security testing and find innovative ways to scale the security team.
- Evaluate new technologies, tools, and/or development techniques that impact security.
What We Look For
- Being a team player with a strong work ethic and attention to detail is a must.
- Ability to communicate effectively with business representatives, explaining security topics clearly and, where necessary, in layman's terms.
- Experience with Cloud and virtualized technology in environments such as AWS or GCP.
- Ability to efficiently communicate security to any audience, such as explaining vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25 and discussing effective defensive techniques and countermeasures with both business and engineering staff.
- Deep understanding of network protocols such as HTTP and SSL/TLS.
- Familiarity with means to defend modern Web applications and APIs.
- Familiarity with dynamic and static analysis tools, and ability to interpret dynamic/static analysis tool and penetration test results and describe issues and fixes to non-security experts.
- Familiarity with common reconnaissance, exploitation, and post-exploitation frameworks.
- Deep understanding of continuous integration / continuous deployment processes and tools.
- Ability to automate tasks using a scripting language (Python, Shell, etc).
- Security certification such as CISSP or OSCP is a plus.
- BA/BS degree in a related field or equivalent experience is a plus.
Today’s shoppers are more averse than ever to traditional credit—due to decades of compounding interest, hidden fees, and unclear terms. At Affirm, we’re reinventing credit to make it more honest and friendly.
Great for Customers
We give customers the flexibility to pay over time for their most important purchases, on a schedule that fits their budget. Affirm financing is quick, simple, and transparent—there are no gimmicks like deferred interest, compounding interest, or late fees, so what shoppers see at checkout is exactly what they’ll pay.
Great for Businesses
We stick to the same principles of honesty and simplicity with both consumers and our retail partners. Our integration is seamless, and we provide dedicated support to help you make the most of our partnership. We want to make it as easy as possible for you to realize the “Affirm boost”—increased AOV, conversion, and customer loyalty.
Want to learn more about Affirm? Visit Affirm's website.