Staff Security Engineer (Product Testing & Exploitation)

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm, Inc. proudly includes Affirm, PayBright, and Returnly. 

Affirm values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural in Affirm, enabling the company to succeed in building honest financial products. The Security team posture increases security and reduces risk while securely enabling access to information for those who need it!

The Staff Product Security Engineer candidate will have experience in source code review and application penetration testing. The ideal candidate will work effectively with product and engineering teams to review new features and document software defects to improve the security of Affirm’s products.

What You'll Do

• Review and analyze product source code to identify security vulnerabilities and provide recommendations for secure implementation.
• Decompose large, cross-team projects into individual tasks. Manage scope across teams and drive toward project closure.
• Examine existing tooling and drive deployments/build automations.
• Interface with security researchers via bug bounty programs to bolster community engagement.
• Identify areas of weakness and attempt to exploit systems.
• Explore our mobile applications and APIs to assess risks.

What We Look For

• A curious mind who likes to tinker with systems to see what breaks.
• Proven track record of discovering security vulnerabilities.
• Experience using modern software development and delivery techniques to develop cloud-based services. Python, Java, AWS, and Azure experience preferred.
• Experience with standard authentication mechanisms, including SAML and OAuth2.
• Understanding of continuous integration / continuous deployment processes and tools.

 

Location - Remote (US)

#LI - Remote

Affirm is proud to be a remote-first company! The majority of our roles are remote and can be located anywhere in the U.S. and Canada (with the exception of the U.S. Territories, Quebec, Yukon, Nunavut, and the Northwest Territories) unless the job indicates a different global location. We are currently building operations in Spain, Poland, and Australia.  Employees in remote roles have the option of working remotely or from an Affirm office in their country of hire, and may occasionally travel to an Affirm office or elsewhere for required meetings or team-building events. Our offices in Chicago, New York, Pittsburgh, Salt Lake City, San Francisco and Toronto will remain operational and accessible for anyone to use on a voluntary basis, subject to local COVID-19 guidelines.

If you got this far, we hope you're feeling excited about this role. Even if you don't feel you meet every single requirement, we still encourage you to apply. We're eager to meet people who believe in Affirm's mission and can contribute to our team in a variety of ways—not just candidates who check all the boxes.   Inclusivity:

At Affirm, People Come First is one of our core values, and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our D&I program here and our progress thus far in our 2020 DEI Report.

We also believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

By clicking "Submit Application," you acknowledge that you have read the Affirm Employment Privacy Policy, or the Affirm Employment Privacy Notice (EU) for applicants applying from the European Union, and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.