Product Security Engineer

ABOUT EARNIN As one of the first pioneers of earned wage access, our passion at EarnIn is building products that deliver real-time financial flexibility for those with the unique needs of living paycheck to paycheck. Our community members access their earnings as they earn them, with options to spend, save, and grow their money without mandatory fees, interest rates, or credit checks. We’re fortunate to have an incredibly experienced leadership team, combined with world-class funding partners like A16Z, Matrix Partners, DST, Ribbit Capital, and a very healthy core business with a tremendous runway. We’re growing fast and are excited to continue bringing world-class talent onboard to help shape the next chapter of our growth journey. POSITION SUMMARY We are looking for a passionate Product Security Engineer who is excited to contribute to security engineering efforts. If you have hands-on experience securing cloud environments, join the growing information security org at EarnIn as a senior product security engineer. You should have a natural sense of curiosity, a propensity for action, and a collaborative and diplomatic approach to problem-solving. This is a hybrid role based in our Palo Alto office. The base salary range for this full-time position is $169,800 - $207,600 + equity + benefits. Our salary ranges are determined by role, level, and location. WHAT YOU'LL DO Perform security-focused code reviews. Lead application security reviews and threat modeling, including code review and dynamic testing. Assist teams in reproducing, triaging, and addressing application security vulnerabilities. Lead both critical and regular security releases. Lead in developing automated security testing to validate that secure coding best practices are being used. Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area. Develop security training and socialize the material with internal development teams. Guide and advise product development teams as SMEs in application security. Support and evolve the bug bounty program. Evaluate, test, implement, and support third-party security tools. WHAT WE'RE LOOKING FOR MS or Bachelor in Computer Science or equivalent desired. 5+ Years of industry experience. Able to work well with software development teams. Experience identifying security issues through code review. Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics clearly and concisely. Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying/penetration testing tools). Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10). Basic development or scripting experience and skills. Python and Go are preferred. A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS). Strong understanding and experience with shared security libraries, security controls, and common security flaws. Be a subject matter expert (SME) of at least one technical area impacting the product's security. Strong experience working closely with developers. Experience in the financial services industry is preferred.

#J-18808-Ljbffr