Staff Security Engineer (Product Security Architecture)

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm, Inc. proudly includes Affirm, PayBright, and Returnly. 

Affirm values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural in Affirm, enabling the company to succeed in building honest financial products. The Security team posture increases security and reduces risk while securely enabling access to information for those who need it!

The Staff Product Security Engineer candidate will have experience building and architecting software as part of a larger team. The ideal candidate will work effectively with product and engineering teams to evaluate and influence product requirements, design, and implementation to improve the security of Affirm’s products.

What You'll Do

• Partner with Affirm product teams to ensure that security is included in every phase of the product development lifecycle.
• Conduct threat modeling activities with product teams to ensure product threats are understood, documented, and mitigated.
• Conduct reviews of product architecture to ensure Affirm products are developed securely.
• Conduct security reviews of product cloud services configuration. Provide secure cloud configuration guidance for product teams.
• Assist product teams in the development of security focussed test cases to enforce security requirements.
• Advise product teams on business security requirements early in the product development lifecycle.
• Review and analyze product source code to identify security vulnerabilities and provide recommendations for secure implementation.
• Decompose large, cross-team projects into individual tasks. Manage scope across teams and drive toward project closure.

What We Look For

• Experience using modern software development and delivery techniques to develop cloud-based services. Python, Java, AWS, and Azure experience preferred.
• Experience conducting threat models for complex, distributed products using standard threat modeling techniques and methodologies.
• Experience with standard authentication mechanisms, including SAML and OAuth2.
• Understanding of continuous integration / continuous deployment processes and tools.
• BS degree in related field or equivalent experience. MS degree in a related field or equivalent experience is a plus.

Location - Remote US

#LI - Remote

Affirm is proud to be a remote-first company! The majority of our roles are remote and can be located anywhere in the U.S. and Canada (with the exception of the U.S. Territories, Quebec, Yukon, Nunavut, and the Northwest Territories) unless the job indicates a different global location. We are currently building operations in Spain, Poland, and Australia.  Employees in remote roles have the option of working remotely or from an Affirm office in their country of hire, and may occasionally travel to an Affirm office or elsewhere for required meetings or team-building events. Our offices in Chicago, New York, Pittsburgh, Salt Lake City, San Francisco and Toronto will remain operational and accessible for anyone to use on a voluntary basis, subject to local COVID-19 guidelines.

If you got this far, we hope you're feeling excited about this role. Even if you don't feel you meet every single requirement, we still encourage you to apply. We're eager to meet people who believe in Affirm's mission and can contribute to our team in a variety of ways—not just candidates who check all the boxes.   Inclusivity:

At Affirm, People Come First is one of our core values, and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our D&I program here and our progress thus far in our 2020 DEI Report.

We also believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

By clicking "Submit Application," you acknowledge that you have read the Affirm Employment Privacy Policy, or the Affirm Employment Privacy Notice (EU) for applicants applying from the European Union, and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.