Product Security Engineer - SWE

San Francisco / New York / Remote

Applications have closed

Plaid Inc.

Plaid helps companies build fintech solutions by making it easy, safe and reliable for people to connect their financial data to apps and services.

View company page

We believe the way people interact with their finances will drastically improve in the next few years. We’re dedicated to empowering this transformation by building the tools and infrastructure developers need to create their own products. Plaid powers the tools millions of people rely on to live a healthier financial life. We work with thousands of companies like Venmo and SoFi, several of the Fortune 500, and many of the largest banks to make it easy for people to connect their financial accounts to the apps and services they want to use. Plaid’s network covers 11,000 financial institutions across the US, Canada, UK and Europe. Founded in 2013, the company is headquartered in San Francisco with offices in New York, Salt Lake City, Washington D.C., London and Amsterdam.
The mission of Plaid's Product Security Team is “Improve our customer’s trust by assuring secure development and delivery of products and services,  minimizing risk to the ecosystem, and preventing security incidents.” We achieve this by ensuring security measures are available by default to developers, implementing security controls in the CI/CD pipeline, measuring effectiveness of these controls and adjusting them accordingly. We heavily focus on Security Reviews, Threat Modeling, building Secure Architecture, runtime application protection, and reducing risk to the platform.
As a Software Engineer on the Product Security team, you will help shape the future of the security team’s roadmap. In this role, you will participate in the development of the Product security tools and controls. You will help Plaid shift-left in the development lifecycle by integrating application security tools to the build pipeline, enabling developers to self-serve threat modeling for security reviews, and contribute to the runtime protection of the applications. You will also work on the automation of the vulnerability management process from triage to track and final closure with appropriate owners. You would also get the opportunity to work on popular open source projects and customize them for Plaid needs, which gives you an opportunity to contribute back to the open source community. 
Major projects may include: building/installing application security testing tooling, automating vulnerability management, creating interceptors/wrappers for runtime protection, and coordinating with other Security and Engineering teams to standardize Security policies and standards.

What excites you

  • Design and build solutions which help improve the security maturity of the organization. 
  • Experience building scalable backend systems preferably cloud friendly applications.
  • Experience building with programming languages like Python. 
  • Familiarity with the deployment of automation tools preferably security tools in the CI/CD pipeline.
  • Passion to learn new security concepts.
  • Communication in a friendly, supportive manner with software engineers or other stakeholders, helping to not only identify security issues but also advocate solutions. 
  • Mentor security engineers.

What excites us

  • Experience working with the Security team, preferably as a security champion.
  • Strong problem solving and coding skills in coding languages like Python. Nice to have web development experience with TS/JS and Go. 
  • Familiarity with secure software development lifecycle.
  • Running PoC's for new security controls/tools and determining their effectiveness.
  • Knowledge of cryptography, authentication and authorization standards, and implementations in major cloud providers, preferably AWS.
  • Experience with containers (Docker) and Container Orchestration Systems (Kubernetes/ECS).
  • Experience partnering with engineering and security teams to roll out organization wide controls and tools.
  • Experience writing scripts to improve alerting and monitoring of application events.
Plaid is proud to be an equal opportunity employer and values diversity at our company. We do not discriminate based on race, color, national origin, ethnicity, religion or religious belief, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, military or veteran status, disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state, and local laws. Plaid is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance with your application or interviews due to a disability, please let us know at accommodations@plaid.com.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Application security Automation AWS C CI/CD Cloud Cryptography Docker Kubernetes Monitoring Open Source Product security Python Vulnerability management

Perks/benefits: Team events

Regions: Remote/Anywhere South America
Country: United States
Job stats:  7  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.