Staff Security Engineer, Product Security Architecture

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm proudly includes Returnly. 

Affirm values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural in Affirm, enabling the company to succeed in building honest financial products. The Security team posture increases security and reduces risk while securely enabling access to information for those who need it!

The Staff Product Security Engineer candidate will have experience building and architecting software as part of a larger team. The ideal candidate will work effectively with product and engineering teams to evaluate and influence product requirements, design, and implementation to improve the security of Affirm’s products.

What You'll Do

• Partner with Affirm product teams to ensure that security is included in every phase of the product development lifecycle.
• Conduct threat modeling activities with product teams to ensure product threats are understood, documented, and mitigated.
• Conduct reviews of product architecture to ensure Affirm products are developed securely.
• Conduct security reviews of product cloud services configuration. Provide secure cloud configuration guidance for product teams.
• Assist product teams in the development of security focussed test cases to enforce security requirements.
• Advise product teams on business security requirements early in the product development lifecycle.
• Review and analyze product source code to identify security vulnerabilities and provide recommendations for secure implementation.
• Decompose large, cross-team projects into individual tasks. Manage scope across teams and drive toward project closure.

What We Look For

• Experience using modern software development and delivery techniques to develop cloud-based services. Python, Java, AWS, and Azure experience preferred.
• Experience conducting threat models for complex, distributed products using standard threat modeling techniques and methodologies.
• Experience with standard authentication mechanisms, including SAML and OAuth2.
• Understanding of continuous integration / continuous deployment processes and tools.
• BS degree in related field or equivalent experience. MS degree in a related field or equivalent experience is a plus.

Compensation & Benefits

We offer a competitive package, with some highlights listed below.  However, the given figures are not guaranteed compensation ranges; rather, they are unbinding, approximate indications of what the salary may be for your awareness. The actual salary may be less than the lower range or greater than the upper range, depending on skills and experience. No employee is guaranteed salary at the amount of the lower range.

• Targeted Gross Monthly Salary: 25,792 - 32,233 PLN
• Flexible Spending Wallets for tech, food and lifestyle
• Generous time off policies 
• Away Days - wellness days to take off work and recharge
• Learning & Development programs
• Parental leave
• Robust health benefits
• Employee Resource & Community Groups

Location - Remote Poland

Grade - 31

#LI-Remote

Affirm is proud to be a remote-first company! The majority of our roles are remote and can be located anywhere in the U.S. and Canada (with the exception of the U.S. Territories, Quebec, Yukon, Nunavut, and the Northwest Territories) unless the job indicates a different global location. We are currently building operations in Spain, Poland, and Australia.  Employees in remote roles have the option of working remotely or from an Affirm office in their country of hire, and may occasionally travel to an Affirm office or elsewhere for required meetings or team-building events. Our offices in Chicago, New York, Pittsburgh, Salt Lake City, San Francisco and Toronto will remain operational and accessible for anyone to use on a voluntary basis, subject to local COVID-19 guidelines.

All full-time jobs at Affirm (excluding interns and apprentices) are tied to a transparent grade-based pay range taking location into account. 

[Colorado Candidates] In accordance with Colorado’s Equal Pay for Equal Work Act, the grade for this position in Colorado is listed above. You can find the Colorado base pay range and benefits here.

If you got this far, we hope you're feeling excited about this role. Even if you don't feel you meet every single requirement, we still encourage you to apply. We're eager to meet people who believe in Affirm's mission and can contribute to our team in a variety of ways—not just candidates who check all the boxes.   Inclusivity:

At Affirm, People Come First is one of our core values, and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our D&I program here and our progress thus far in our 2021 DEI Report.

We also believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

By clicking "Submit Application," you acknowledge that you have read the Affirm Employment Privacy Policy, or the Affirm Employment Privacy Notice (EU) for applicants applying from the European Union, and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.