Security Engineer

Lemonade Finance (YC S21) is building the neobank for African diaspora in North America & Europe. We provide our users with a multi-currency account that allows them to hold, send, and receive money from Africa in any currency for their business and personal banking needs.

There are over 10 million Africans living in North America & Europe who go through hoops and have to pay exorbitant fees to send money to their loved ones. We are constantly fighting for everyday Africans to be able to move their money freely around the world at no cost and with the best exchange rate they can find out there.

Lemonade Finance launched the first version of the app at the beginning of October 2020 with just the ability to send money. Now, we enable our users to send and receive as well as pay bills for services across the ocean for loved ones. We have also grown to a team of more than 40 people working remotely and living in different continents around the world.

As a Security Engineer at Lemonade Finance, you will advocate for information security throughout all our software development and business processes. You will work with other Application Developers and System Engineers to protect our customers and Lemonade Finance’s business.

Responsibilities

• Conduct internal security and confidential information investigations and information security audits.
• Provide guidance on risk, compliance, and policy to technical and non-technical internal customers.
• Respond to security violations, vulnerabilities, and incident detections.
• Assess and secure third-party integrations, services, solutions and partnerships, ensuring controls are implemented to the highest security standards.
• You will develop and deploy security tools and automations.
• Provide security training and guidance to internal teams and customers.
• Ensure timely delivery of security goals, and make recommendations for incremental process improvement.
• Contribute to / provide feedback on the development of security standards and control requirements.

Requirements

• You possess a breadth of knowledge and experience across the information security domain, such as endpoint security, identity management, cloud security, detection engineering, vulnerability management, incident response, and threat intelligence.
• Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).
• Experience in Network security controls for egress and ingress Network Firewall, WAF, and DDOS.
• Experience with Amazon Web Services (AWS) products and security controls.
• Current knowledge around web and mobile application vulnerabilities, attacks, and mitigation methods.
• Experience with information security frameworks and industry regulatory compliance – SOC2, PCI DSS, ISO.
• Strong ability to take ownership of assigned tasks and responsibilities.
• Must display high level of critical thinking in order to weigh alternatives and presentsolutions that are consistent with requirements.
• You have hands-on experience investigating security events and incidents across complex and heterogeneous environments, preferably including AWS.

Nice to have

• BSc in Engineering or Computer Science, or other relevant degree.
• Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units.
• Experience with developing and maintaining relevant security assessment risk metrics.
• Curiosity and drive to learn new technologies, methodologies and best practices
• Security related certifications such as CEH, CISSP, CISM, AWS Certified Security – Specialty.