Senior Application Security Engineer - Charlotte, NC

Credit Karma, Charlotte, NC

Your credit scores should be free. And now they are.

Security is a core value at Credit Karma. For our 100 million (and counting) members, we are uniquely positioned to help them take control of their financial lives through insight into their current financial state, and actionable advice to improve. From the CEO down to each individual developer, everyone views security as a personal responsibility. Your mission as a Senior Application Security Engineer is to identify potential threats and vulnerabilities, educate engineers, mentor team members, and communicate with engineers to resolve any issues identified. This position is located in Charlotte, NC.

What the Job Entails

  • The Application Security team is a large team of professionals from various backgrounds who focus on securing our products. We perform traditional application security activities, preferring impact over security theatre. We will adopt the new techniques from SecDevOps teams to develop our own type of strategy, implementing automation of application security tasks and allowing us to focus on what is important.
  • Our mission is a real priority in the company. You will see from the first week of engineering on-boarding's required security training to our internal security champions program, security is in the forefront of every employee's mind. We own this part of the security program and are always looking to build out our internal training and awareness.
  • We perform security reviews over a wide variety of exciting domains, from getting the first glance at new microservices to reviewing our transition into the cloud. There are many products and services in which you can make an impact, bring your senior expertise in engineering and security concepts to bear across our company.
  • We are responsible for securing the company code and third party libraries. We are integrated with CI/CD pipelines and automating our way to a scalable solutions; the kind of solution you can contribute to by writing code and directly working with engineers to further the adoption of our security tools.
  • Our SDLC is integrated with the company's processes, and we work closely within our wider security organization to manage risk, coordinate, and move the entire company forward in our mission.

Your Expertise

  • You will have worked in the security industry for a minimum 8-10 years security experience. We welcome both red team and blue team members.
  • You are an expert in security vulnerabilities, knowledgeable in testing and remediation, and can communicate all of these concepts to your partners in engineering. From the OWASP Top Ten to more advanced concepts, you've seen it before and can describe it with ease.
  • You have worked in engineering or with engineers during your career, so you understand their work and obligations. Application Security works together with Engineering to meet both business needs and security requirements.
  • Communication and teamwork is important: Interpersonal skills and the ability to work together with organizations will be key to your success.
  • Eagerness to challenge the status quo, balanced with a reasonable and helpful approach to effecting change.

Desired Skills

  • This is a dedicated position supporting the existing Application Security professional in our Tax product office in Charlotte. You will work with engineers directly to represent security in this remote office. Previous experience in tax and finance security is highly regarded.
  • Do you have expertise in some of these technologies? iOS, Android, GCP, JIRA, Git, CircleCI, Jenkins, Artifactory, Consul, Kubernetes, webpack, react, GraphQL, Apollo, finagle, MySQL, Splunk, InfluxDB, Grafana, node.js, TypeScript, PHP, and Scala.
  • Have you contributed to maintained multi-contributor security tools? We plan to build next generation security tools you cannot buy, and you have an opportunity to contribute.
  • Have you presented at security conferences and meet-ups? We want to hear about how you would take our program to the next level.

About Credit Karma

Our Mission Everyone deserves to feel confident about their finances. Our job is to give you the tools, the education and the opportunities you need to make real, meaningful progress. Thinking about your finances can be frustrating, but we're working to make the process simpler and easier to understand for over 75 million Credit Karma members.

Want to learn more about Credit Karma? Visit Credit Karma's website.