Senior Product Security Engineer

Affirm

2d•$150,000 - $200,000•Remote

About The Position

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural in Affirm, enabling the company to succeed in building honest financial products. The Security team posture increases security and reduces risk while securely enabling access to information for those who need it! The Senior Product Security Engineer candidate will have experience building and architecting software as part of a larger team. The ideal candidate will work effectively with product and engineering teams to evaluate and influence product requirements, design, and implementation to improve the security of Affirm’s products.

Requirements

Deep understanding of web application architecture and design principles
Experience using modern software development and delivery techniques to develop cloud-based services. Python, Kotlin, Java, AWS, and Azure experience preferred.
Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
Experience with PCI or other regulated environments.
Experience conducting threat models for complex, distributed products using standard threat modeling techniques and methodologies.
Experience with standard authentication mechanisms, including SAML and OAuth2.
Understanding of continuous integration / continuous deployment processes and tools.
BS degree in related field or equivalent experience. MS degree in a related field or equivalent experience is a plus.

Responsibilities

Partner with Affirm product teams to ensure that security is included in every phase of the product development lifecycle.
Conduct threat modeling and architecture reviews to ensure threats are understood, documented, and mitigated.
Review and analyze product source code to identify security vulnerabilities and provide recommendations for secure implementation.
Seek out opportunities to automate processes when appropriate.
Identify emerging classes of vulnerabilities and developing solutions for them before they’re a problem.
Assist product teams in the development of security focused test cases to enforce security requirements.
Advise product teams on business security requirements early in the product development lifecycle.
Decompose large, cross-team projects into individual tasks. Manage scope across teams and drive toward project closure.

Benefits

Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume