Greenlight

Greenlight is a financial technology company offering a debit card and money app for families, empowering parents to raise financially smart kids through smart spending and investing.

Capital Markets
251-1K
Founded 2014
$556M raised

Description

  • Define and lead the long-term product security strategy, roadmap, and vision aligned with business goals, risk appetite, and regulatory requirements.
  • Serve as the internal authority on application and product security for engineering, product, and executive stakeholders.
  • Embed security ownership and security-first practices across engineering teams and the software development lifecycle.
  • Architect and evolve a comprehensive Product Security program spanning threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security.
  • Lead the design and enforcement of secure development standards for web, mobile, cloud, secure coding, infrastructure-as-code, and APIs.
  • Identify, prioritize, and drive remediation of systemic vulnerabilities and architectural security gaps across the platform.
  • Lead and improve the penetration testing program through internal efforts and external vendor partnerships.
  • Partner with engineering and platform teams to build security-enhancing product features.
  • Establish and lead incident response processes for product security events, including root cause analysis and systemic remediation.
  • Evaluate and introduce new security tools, techniques, and frameworks to keep the company ahead of emerging threats.
  • Mentor staff and senior engineers across security and engineering to raise the organization’s security engineering capability.

Requirements

  • 12+ years of experience in product security, application security, or a related engineering discipline.
  • Proven track record of defining and driving security programs at scale across complex, multi-platform environments.
  • Hands-on experience architecting and implementing security solutions and processes in production environments.
  • Expert-level knowledge of web and mobile application security, including OWASP Top 10, API security, and iOS/Android threat vectors.
  • Deep hands-on experience with SAST, DAST, IAST, SCA, secrets scanning, and runtime protection tools.
  • Strong command of cloud security architecture and controls, particularly in AWS environments.
  • Experience leading or influencing the security architecture of distributed, microservices-based systems.
  • Experience developing and implementing security solutions.
  • Ability to build strong cross-functional relationships and influence engineering culture without direct authority.
  • Exceptional communication skills for translating complex security risk to technical and non-technical stakeholders.
  • Experience operating in regulated industries such as financial services, fintech, or healthcare.
  • Hands-on certifications such as OSCP, GWAPT, GPEN, CISSP, or equivalent are a plus.
  • Public code, research, GitHub, or other public security work is a plus.
  • Experience building or scaling Product Security programs in high-growth startup environments is a plus.
  • Familiarity with security tools such as Burp Suite or Kali Linux is a plus.

Benefits

  • Medical, dental, vision, and HSA match.
  • Paid life insurance, AD&D, and disability benefits.
  • Traditional 401(k) with company match.
  • Unlimited PTO and paid company holidays, plus pop-up bonus holidays.
  • Professional development stipends.
  • Mental health resources.
  • 1:1 financial planners.
  • Fertility healthcare and 100% paid parental and caregiving leave, plus cleaning service and meals during leave.
  • Flexible work-from-home options with both remote and in-office opportunities.
  • Fully stocked kitchen, catered lunches, and occasional in-office happy hours.
  • Employee resource groups.
  • Competitive compensation with a market-based pay approach.
  • Discretionary performance bonus and equity rewards.
  • Estimated base pay range of $180,000-$240,000 in NY/CA/WA and $180,000-$220,000 in CO.
