Affirm

Affirm offers a transparent buy now, pay later service founded in 2012 by Max Levchin. No late fees or surprises, just a responsible way to pay over time for your favorite brands.

Diversified Financial Services
1K-5K
Founded 2012

Description

  • Partner with product teams to ensure security is included in every phase of the product development lifecycle.
  • Conduct threat modeling and architecture reviews to identify, document, and mitigate threats.
  • Review and analyze product source code to identify security vulnerabilities and recommend secure implementation approaches.
  • Seek opportunities to automate security and related processes where appropriate.
  • Identify emerging classes of vulnerabilities and develop solutions before they become problems.
  • Assist product teams in developing security-focused test cases to enforce security requirements.
  • Advise product teams on business security requirements early in the product development lifecycle.
  • Decompose large cross-team projects into manageable tasks and drive scope and execution toward closure.

Requirements

  • Deep understanding of web application architecture and design principles.
  • Experience using modern software development and delivery techniques to build cloud-based services.
  • Experience with Python, Kotlin, Java, AWS, or Azure preferred.
  • Knowledge of common security flaws and remediation approaches as published by OWASP, SANS, and similar sources.
  • Experience with PCI or other regulated environments.
  • Experience conducting threat models for complex, distributed products using standard threat modeling techniques and methodologies.
  • Experience with standard authentication mechanisms, including SAML and OAuth2.
  • Understanding of continuous integration and continuous deployment processes and tools.
  • Bachelor’s degree in a related field or equivalent experience.
  • Master’s degree in a related field or equivalent experience is a plus.

Benefits

  • Remote-first work with the flexibility to work almost anywhere within the country of employment.
  • Competitive base pay of $225,000-$275,000 in CA, WA, NY, NJ, and CT, or $200,000-$250,000 in other U.S. states.
  • Equity rewards as part of the total compensation package.
  • Monthly stipends for health, wellness, and technology spending.
  • 100% subsidized medical, dental, and vision coverage for employees and dependents.
  • Flexible Spending Wallets for technology, food, lifestyle needs, and family-forming expenses.
  • Competitive vacation and holiday schedules.
  • Employee stock purchase plan with a discount.
  • Reasonable accommodations available during the hiring process.
