Product Security Engineer - SWE
San Francisco / New York / Remote
Plaid Inc.
Plaid helps companies build fintech solutions by making it easy, safe and reliable for people to connect their financial data to apps and services.
We believe the way people interact with their finances will drastically improve in the next few years. We’re dedicated to empowering this transformation by building the tools and infrastructure developers need to create their own products. Plaid powers the tools millions of people rely on to live a healthier financial life. We work with thousands of companies like Venmo and SoFi, several of the Fortune 500, and many of the largest banks to make it easy for people to connect their financial accounts to the apps and services they want to use. Plaid’s network covers 11,000 financial institutions across the US, Canada, UK and Europe. Founded in 2013, the company is headquartered in San Francisco with offices in New York, Salt Lake City, Washington D.C., London and Amsterdam.
The mission of Plaid's Product Security Team is “Improve our customer’s trust by assuring secure development and delivery of products and services, minimizing risk to the ecosystem, and preventing security incidents.” We achieve this by ensuring security measures are available by default to developers, implementing security controls in the CI/CD pipeline, measuring effectiveness of these controls and adjusting them accordingly. We heavily focus on Security Reviews, Threat Modeling, building Secure Architecture, runtime application protection, and reducing risk to the platform.
As a Software Engineer on the Product Security team, you will help shape the future of the security team’s roadmap. In this role, you will participate in the development of the Product security tools and controls. You will help Plaid shift-left in the development lifecycle by integrating application security tools to the build pipeline, enabling developers to self-serve threat modeling for security reviews, and contribute to the runtime protection of the applications. You will also work on the automation of the vulnerability management process from triage to track and final closure with appropriate owners. You would also get the opportunity to work on popular open source projects and customize them for Plaid needs, which gives you an opportunity to contribute back to the open source community.
Major projects may include: building/installing application security testing tooling, automating vulnerability management, creating interceptors/wrappers for runtime protection, and coordinating with other Security and Engineering teams to standardize Security policies and standards.
The mission of Plaid's Product Security Team is “Improve our customer’s trust by assuring secure development and delivery of products and services, minimizing risk to the ecosystem, and preventing security incidents.” We achieve this by ensuring security measures are available by default to developers, implementing security controls in the CI/CD pipeline, measuring effectiveness of these controls and adjusting them accordingly. We heavily focus on Security Reviews, Threat Modeling, building Secure Architecture, runtime application protection, and reducing risk to the platform.
As a Software Engineer on the Product Security team, you will help shape the future of the security team’s roadmap. In this role, you will participate in the development of the Product security tools and controls. You will help Plaid shift-left in the development lifecycle by integrating application security tools to the build pipeline, enabling developers to self-serve threat modeling for security reviews, and contribute to the runtime protection of the applications. You will also work on the automation of the vulnerability management process from triage to track and final closure with appropriate owners. You would also get the opportunity to work on popular open source projects and customize them for Plaid needs, which gives you an opportunity to contribute back to the open source community.
Major projects may include: building/installing application security testing tooling, automating vulnerability management, creating interceptors/wrappers for runtime protection, and coordinating with other Security and Engineering teams to standardize Security policies and standards.
What excites you
- Design and build solutions which help improve the security maturity of the organization.
- Experience building scalable backend systems preferably cloud friendly applications.
- Experience building with programming languages like Python.
- Familiarity with the deployment of automation tools preferably security tools in the CI/CD pipeline.
- Passion to learn new security concepts.
- Communication in a friendly, supportive manner with software engineers or other stakeholders, helping to not only identify security issues but also advocate solutions.
- Mentor security engineers.
What excites us
- Experience working with the Security team, preferably as a security champion.
- Strong problem solving and coding skills in coding languages like Python. Nice to have web development experience with TS/JS and Go.
- Familiarity with secure software development lifecycle.
- Running PoC's for new security controls/tools and determining their effectiveness.
- Knowledge of cryptography, authentication and authorization standards, and implementations in major cloud providers, preferably AWS.
- Experience with containers (Docker) and Container Orchestration Systems (Kubernetes/ECS).
- Experience partnering with engineering and security teams to roll out organization wide controls and tools.
- Experience writing scripts to improve alerting and monitoring of application events.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Automation AWS C CI/CD Cloud Cryptography Docker Kubernetes Monitoring Open Source Product security Python Vulnerability management
Perks/benefits: Team events
Regions:
Remote/Anywhere
South America
Country:
United States
Job stats:
7
0
0
Category:
Security Engineering Jobs
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs