Come As You Are:
We recognize the dire lack of diversity in our industry, and we’re not okay with it. We actively seek to address it with our hiring and retention practices, as well as our office culture. Our culture isn’t something employees join, it’s something they build and shape. We believe that every person and their lived experience is integral to building a work environment, and a product that will change the world. If you’re on the fence about whether you’re a fit, we say go for it, and apply!
We’re a tech company that’s changing how people bank and think about their finances. We value empathy, curiosity, craft and efficacy. Our mission is to help people feel confident with their money. We do that by bringing humanity, elegance and ease to the consumer banking experience.
As an engineer on the Security Engineering team, you’ll be responsible for maintaining a secure computing environment. Safety isn’t a static, unchanging concept, rather, a safe environment is well-designed, has had a lot of craft put into its design and is maintained, remodeled, automated and redesigned as the environment changes to meet ever-changing IT demands.
On a day to day basis you will be working closely with our software engineers, our IT team, our infrastructure engineers and other product security engineers to help manage our security systems and correct security flaws as they are found. You will also automate security solutions, provide on-call security support, perform ongoing vulnerability management scans and participate in the application of patches as needed. You will be responsible for evaluating and recommending security technologies and provide technical expertise in all phases of the development and implementation of security technologies.
This is an experienced senior-level position with a high degree of autonomy - you will tackle and manage high-level security projects, using processes that you have input in creating and maintaining. You will work closely with a variety of engineering disciplines, and will need to communicate effectively and be productive in an environment working with other engineers.
As a Senior Engineer, you will take on an expert technical role within the security domain. Your knowledge will be key in defining how Security Engineering operates at Simple. You will mentor, and be mentored by your coworkers, evaluate how our current systems and approach can be improved, and architect systems that improve our overall security posture.
You will be successful in this role if you are passionate about security and continuously seek ways to improve your craft. You believe that security is more of a concept than an organization, more of a service to the mission at Simple than a blocker, and it is your desire to foster that culture across team boundaries. You have long term plans to eliminate risk and are able to seek out the highest value mitigations first. You are able to demonstrate easily whether something is vulnerable or not and educate your peers on the best methods for mitigation.
What You’ll Do All Day:
- Review, upgrade, tune, consult, keep up to date on, recommend, and implement security tooling within the environment.
- Leverage automated security tools and integrate them within our development workflow. Work to improve the accuracy and coverage of these tools.
- Automate all of the things.
- Provide consultation to engineering teams on technical security decisions including architecture, design, testing strategy, threat modeling, and triage of security bugs.
- Perform security assessments. Clearly communicate identified vulnerabilities and identify new assessment techniques to prevent them in the future. Document comprehensive reports on the assessment effort and discovered vulnerabilities.
- Work with AppSec team to help support infrastructure and Simple development engineering teams.
- Write documents that clearly describe both the behavior of existing systems, and provide a roadmap for where we should go in the future.
- Provide training to engineering on relevant security topics or monthly training lunch and learns.
- Participate in on-call rotation and respond to security-related incidents
We’d Like To See:
- 8+ years progressive experience in relevant work
- Knowledge of security flaws and their resolution as listed in sites like OWASP, SANS, etc.
- Experience with secure application architecture, design, development, code review, and penetration testing of web and mobile applications
- Experience administrating endpoint security tools in a cloud environment.
- Proficiency with at least one programming language, such as Python or Ruby.
- Experience with JVM based languages
- Familiarity with cloud security, especially as it relates to AWS.
- Understanding of cryptography, including protocols, key management, encryption and hashing methods.
- Experience writing vulnerability reports and communicating their technical details and security impact to developers and management.
- Experience with security and engineering tools such as Crowdstrike, MDM, Zscaler, Okta, Tenable, Threat Stack, Twistlock, WAF solutions, and Git.
- Preferred background in DevOps with a bent for Security.
Why Simple’s a Great Place to Work:
- Competitive salary and inclusive benefits package, including 4-months of 100% paid parental leave, additional PTO for volunteer & advocacy days, and affordable health insurance for partners & families.
- A supportive and nurturing place to work. We know good ideas come from everywhere, so we work to ensure every person feels psychologically safe to take risks and think outside of the box here. Our dog-friendly space provides a wellness room, adjustable desks & ergonomic chairs, monthly on-site acupuncture & massages, all gender restrooms, and dietary & allergy conscious catering.
- Ample opportunity to connect with your coworkers through company-funded Employee Resource Groups & Simple community events.
- We’re committed to hiring quality human beings. Simple is a place where others will watch out for you and help you learn. We like and respect one another.
- We believe that financial confidence belongs to everyone - and we will work to remove every barrier along the way. We sweat the small stuff, and build with intention.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire. Email our team at firstname.lastname@example.org
if you need an accommodation in the application process.