Senior Product Security Engineer

About Earnin:

As one of the first pioneers of earned wage access, our passion at Earnin is building products that deliver real time financial flexibility for those with the unique needs of living paycheck to paycheck. Our community members access their earnings as they earn them, with options to spend, save, and grow their money without mandatory fees, interest rates, or credit checks. Since our founding, our app has been downloaded over 13M times and we have provided access to $10 billion in earnings.

We’re fortunate to have an incredibly experienced leadership team, combined with world-class funding partners like A16Z, Matrix Partners, DST, and a very healthy core business with a tremendous runway. We’re growing fast and are excited to continue bringing world class talent onboard to help shape the next chapter of our growth journey.

Position Summary:

We are looking for a passionate Product Security Engineer who is excited to jump in and help drive security engineering efforts. Join the growing Information Security org at Earnin as a Sr Product Security engineer if you have hands-on experience securing cloud environments.  

You should have a natural sense of curiosity, a propensity for action, and a collaborative and diplomatic approach to problem solving.

This is a remote position.

What You'll Do:

• Perform security-focused code reviews.
• Lead application security reviews and threat modeling, including code review and dynamic testing.
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Lead both critical and regular security releases.
• Lead in development of automated security testing to validate that secure coding best practices are being used.
• Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
• Develop security training and socialize the material with internal development teams.
• Guide and advise product development teams as SMEs in the area of application security.
• Support and evolve the bug bounty program.
• Evaluate, test, implement and support third party security tools.

What We're Looking For:

• MS or Bachelor in Computer Science or equivalent desired
• 5+ Years of industry experience
• Able to work well with software development teams.
• Experience identifying security issues through code review.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
• Basic development or scripting experience and skills. Python and/or Go are preferred.
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
• Strong understanding and experience with common security libraries, security controls, and common security flaws.
• Be a subject matter expert (SME) of at least 1 technical area impacting the security of the product.
• Strong experience working closely with developers.
• Experience in the financial services industry preferred

At Earnin, we believe that the best way to build a financial system that works for everyday people is by hiring a team that represents our diverse community. Our team is diverse not only in background and experience, but also in perspective. We celebrate our diversity and strive to create a culture of belonging. Earnin does not unlawfully discriminate on the basis of race, color, religion, sex (including pregnancy, childbirth, breastfeeding or related medical conditions), gender identity, gender expression, national origin, ancestry, citizenship, age, physical or mental disability, legally protected medical condition, family care status, military or veteran status, marital status, registered domestic partner status, sexual orientation, genetic information, or any other basis protected by local, state, or federal laws. Earnin is an E-Verify participant.    Earnin does not accept unsolicited resumes from individual recruiters or third party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or HR team.   #LI-Remote