Senior Full-Stack Engineer - Security
San Francisco, CA, New York City, Portland, OR, or Remote within United States
Applications have closed
Mercury
Confidently run all your financial operations with software built from a powerful banking core. Scale with business bank accounts & debit and credit cards.
There's a guideline in medicine called "Sutton's Law": first consider the obvious. The law gets its name from an apocryphal interview with Willie Sutton, an infamous bank robber, who was asked "Why do you rob banks?" and replied simply "Because that's where the money is."
Mercury is building the banking* stack for startups, and it's obvious security is critical to our product. That's where the money is.
At Mercury, there are two dedicated security teams. The first is a comprehensive Information Security (InfoSec) team with extensive backgrounds in security. They focus on areas such as PCI/SOC2 compliance, endpoint management, detection and response, as well as network and corporate security. This team has a wide mandate and frequently works in our product and infrastructure as well.
The team you would be joining is primarily focused on engineering, with a primary goal of addressing security challenges through code. Our work involves tackling a variety of security issues, ranging from developing security features to creating infrastructure that assists other teams in building their features securely. Currently, our main projects include enhancing our admins' permissions system, devising a streamlined method for users to verify their identity during phone calls, and a few smaller initiatives. In addition to coding, we actively engage with other teams. This involves explaining vulnerabilities identified through our bug bounty programs, addressing security concerns related to ongoing projects, and responding to queries from other teams. Exceptional security judgment, a grasp of product concepts, and effective communication skills are highly valuable in these collaborative scenarios.
As a Security Engineer at Mercury, you will:
- Address key security features within the product, such as developing passkey support, enhancing the security dashboard, refining user-facing audit logs, and implementing SAML.
- Upgrade our pentest environment to ensure it aligns with our security researchers' needs, addressing challenges like data sufficiency and effective stubbing of third-party interactions.
- Contribute to bug bounty program triage by validating reports, coordinating responses, and managing researcher payments, while collaborating with teams to resolve identified issues.
- Analyze vulnerabilities and proactively target root causes by creating tools for codebase scanning, establishing effective patterns and systems, and enhancing security training for engineers.
- Assist teams in threat modeling and cultivating a security mindset for their features, leveraging dedicated security expertise to complement the existing skills of our engineers.
- Investigate user security issues, utilizing product knowledge and logs to understand incidents and proposing improvements to monitoring for quicker detection of similar issues.
The ideal candidate possesses:
- Excellent empathy for customers.
- An ability to carefully consider tradeoffs between security and user experience.
- Proficiency in standard software engineering, including discussions on schema and app design.
Requirements:
- Three or more years of experience in software security roles or equivalent.
- Full-stack development experience, with excitement to learn and work with Haskell, React, and TypeScript.
Nice to Haves:
- Familiarity with our tech stack.
- Experience in fraud or finance-related domains.
The total rewards package at Mercury includes base salary, equity (stock options), and benefits.
Our salary and equity ranges are highly competitive within the SaaS and fintech industry and are updated regularly using the most reliable compensation survey data for our industry. New hire offers are made based on a candidate’s experience, expertise, geographic location, and internal pay equity relative to peers.
Our target new hire base salary ranges for this role are the following:
- US employees (any location): $203,100–$238,900.
- Canadian employees (any location): CAD 184,800–217,400.
*Mercury is a financial technology company, not a bank. Banking services provided by Choice Financial Group and Evolve Bank & Trust®; Members FDIC.
Tags: Banking Compliance Finance FinTech Full stack Haskell Monitoring SaaS SAML SOC 2 TypeScript Vulnerabilities
Perks/benefits: Competitive pay Equity