Senior Security Engineer - Application Security

SENIOR SECURITY ENGINEER - APPLICATION SECURITY

AT WEPAY

Are you looking for a high impact role where you would help build secure and safer payment platform for millions of users? Would you be interested in testing security of systems and softwares and also help define how security is implemented through various stages of the SDLC for all engineering teams and products?  Then the Senior Security Engineer with WePay is what you are looking for.

As Senior Security Engineer with WePay, you will help define and implement creative techniques to protect WePay’s critical assets against a constantly changing threat landscape.  This individual will work closely with other engineering teams to assess the threat landscape, and design, build, perform ethical hacking and find creative ways to keep our critical assets safe.  They will make decision around commercial/open source security testing tools we will add in our security solutions portfolio. This person who fills this role will have the opportunity to assess and improve security in emerging payment solutions such as mobile payment solutions.

Information Security at WePay is one of our highest prioritiestherefore the ideal candidate will share passion for engineering solutions to complex security problems, while minimizing employee friction and maximizing productivity.  They will help build security payment products and making sure that the data that we are trusted to protect is secured to the highest standard.

WHAT IMPACT WILL YOU HAVE?

As a Security Engineer you will  be responsible for enhancing WePay’s ability to write secure applications and services through design, development, and implementation of secure software development practices. You will collaborate and advise engineering teams on building authentication, authorization and encryption solutions.

This individual will research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts and interact directly with the external security community (e.g. bug bounty program) regarding security vulnerabilities and threats.  You will perform vulnerability testing, risk analysis and security assessments.  Ensure that identified issues are prioritized and addressed in an appropriate timeframe.  Last but not least you would be responsible for helping to develop security training and education for our software engineers.

WHAT WE ARE LOOKING FOR

  • Minimum 5 years of experience in information security field
  • In-depth knowledge of Web application Vulnerabilities and ability to articulate their impact to technical and business users
  • Experience with performing Threat Modeling and designing secure Architecture
  • Experience with creating and supporting Secure Software Development Lifecycle
  • Experience with dynamic and static web application testing tools
  • Knowledge of traditional and cloud Architecture, experience of Google Cloud or other public and private cloud technologies a plus
  • Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team

BONUS IF YOU HAVE

  • Advanced interpersonal skills to effectively promote ideas and collaboration at the various levels of the organization
  • Experience of HTML5, Java, Javascript, PHP, Python, MySQL is a plus
  • Knowledge of mobile application security, including experience implementing security controls
  • Experience working with security vendors, including submitting feature requests, evaluating products and analyzing security functionality of a diverse set of product
  • Experience with securing cloud environments

We want to see your problem-solving and analytical skills. Be prepared to write good, clean, scalable code. You don’t need to know our entire stack, but we’re looking for practical experience, someone who can solve production problems in the cloud. Our hiring processes might include:

- Online Code Challenge

- Recruiter Phone Screen

- Technical Phone Interview with an Engineer

- On-site Interview

 

WePay, a Chase company, is the payments partner to the platform economy. It has uniquely enabled Constant Contact, GoFundMe, Meetup, and more than 1,000 other B2B and B2C platforms to provide integrated payments processing without compromising on their user experience or taking on risk and regulatory exposure. WePay is a two-time honoree on the Inc. 500 fastest growing private companies list before its December 2017 acquisition by JPMorgan Chase & Co., and has earned recognition on San Francisco and Silicon Valley "Best Places to Work" lists for an open, supportive culture that focuses on delighting customers and employees and offers all the usual perks (free lunch daily, subsidized gym membership, Responsible Time Off, etc.).  

You can find more information at wepay.com.

To all recruitment agencies, WePay does not accept agency resumes. Please do not forward resumes to our jobs alias, WePay employees or any other company location. WePay is not responsible for any fees related to unsolicited resumes