Senior Application Security Engineer at Chipper Cash

About Our Tech Stack

• Node.js + Typescript service-based architecture
• React Native Android/iOS application
• PostgreSQL application databases
• RabbitMQ for inter-server communication
• Server hosting on Heroku and Google Cloud Platform
• Fully automated CI/CD using Heroku CI and Github
• Application monitoring with Datadog, Logz.io, and Amplitude
• Snowflake for data warehousing and analysis
• Python for in-depth data analysis, transformation, and reporting

What You Will Work On

Security engineering at Chipper spans the full-stack - this role involves gaining an understanding of the technical architecture of the Chipper Platform, continuously examining different attack surfaces, and proactively identifying and implementing security-hardening measures.

Security engineering at Chipper is also a heavily collaborative role. Security is a principle that permeates everything that we work on, and the security engineering team works with a wide variety of other teams in order to spread understanding of potential vulnerabilities and to instill a security-focused mindset within everything we do.

Some examples of responsibilities include:

• Actively participating in project planning, code reviews, and spec reviews, to assist in hardening the design and implementation of a wide variety of projects
• Collaborating with the the data intelligence team to identify new queries, analysis pipelines, ML models, and alerts to be built in order to detect security-relevant activity
• Working with the DevOps team to verify full firewall coverage, and managing internal key storage and access controls
• Integrating with new security software vendors and managing current security-related software integrations
• Orchestrating penetration tests and other security-related accreditations with external firms
• Working with different product teams to harden various 3rd-party API integrations with enhanced connection verification and scheduled credential rotations
• Brainstorming with the design team to create user-facing systems that are secure and easy to use

What You Should Have

The role isn't very focused on being an expert on any specific security domain (such as in a specific language or framework or layer of the application stack) - the most important skills are:

• Having an inquisitive, curious, and investigative mindset - thriving at independently reviewing designs and codebases and seeking out potential vulnerabilities
• Broad full-stack technical ability - being able to quickly gain familiarity with different technologies in-use throughout the team in order to competently understand the code and system designs

Great To Have

• Past experience in a role with significant security engineering responsibilities
• Past experience with fintech and early-stage startups
• Leadership interest and/or experience
• Familiarity with our tech stack - Node.js, Typescript, Python, React Native, RabbitMQ, PostgreSQL, Snowflake
• Familiarity with our tool stack - ELK, Datadog, Cloudflare, Heroku, AWS, GCP, Retool

Next Steps

If you feel you are a fit, please apply because we would love to hear from you. It means a lot to us that you have taken the time to read through our job description so thank you so much for your time. We wish you all the best in your job search.

We hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Chipper Cash is proud to be an Equal Opportunity Employer and will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance. If there are any accommodations that we can provide during the interview process that help you to be confident and do your best work, don’t hesitate to let us know.