Product Security Engineer
Earnin
ABOUT EARNIN
As one of the first pioneers of earned wage access, our passion at EarnIn is building products that deliver real-time financial flexibility for those with the unique needs of living paycheck to paycheck. Our community members access their earnings as they earn them, with options to spend, save, and grow their money without mandatory fees, interest rates, or credit checks.
We’re fortunate to have an incredibly experienced leadership team, combined with world-class funding partners like A16Z, Matrix Partners, DST, Ribbit Capital, and a very healthy core business with a tremendous runway. We’re growing fast and are excited to continue bringing world-class talent onboard to help shape the next chapter of our growth journey.
POSITION SUMMARY
We are looking for a passionate Product Security Engineer who is excited to contribute to security engineering efforts. If you have hands-on experience securing cloud environments, join the growing information security org at EarnIn as a senior product security engineer. You should have a natural sense of curiosity, a propensity for action, and a collaborative and diplomatic approach to problem-solving. This is a hybrid role based in our Palo Alto office. The base salary range for this full-time position is $169,800 - $207,600 + equity + benefits. Our salary ranges are determined by role, level, and location.
WHAT YOU'LL DO
- Perform security-focused code reviews.
- Lead application security reviews and threat modeling, including code review and dynamic testing.
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
- Lead both critical and regular security releases.
- Lead in developing automated security testing to validate that secure coding best practices are being used.
- Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
- Develop security training and socialize the material with internal development teams.
- Guided and advised product development teams as SMEs in application security.
- Support and evolve the bug bounty program.
- Evaluate, test, implement, and support third-party security tools.
WHAT WE'RE LOOKING FOR
- MS or Bachelor in Computer Science or equivalent desired
- 5+ Years of industry experience
- Able to work well with software development teams.
- Experience identifying security issues through code review.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics clearly and concisely.
- Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying/penetration testing tools).
- Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
- Basic development or scripting experience and skills. Python and Go are preferred.
- A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
- Strong understanding and experience with shared security libraries, security controls, and common security flaws.
- Be a subject matter expert (SME) of at least one technical area impacting the product's security.
- Strong experience working closely with developers.
- Experience in the financial services industry is preferred
At EarnIn, we believe that the best way to build a financial system that works for everyday people is by hiring a team that represents our diverse community. Our team is diverse not only in background and experience but also in perspective. We celebrate our diversity and strive to create a culture of belonging. EarnIn does not unlawfully discriminate based on race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity, gender expression, national origin, ancestry, citizenship, age, physical or mental disability, legally protected medical condition, family care status, military or veteran status, marital status, registered domestic partner status, sexual orientation, genetic information, or any other basis protected by local, state, or federal laws. EarnIn is an E-Verify participant.
EarnIn does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or HR team.