Product Security Engineer II

Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family’s future. Kids and teens learn to earn, save, spend wisely, and invest. 

At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It’s no small task, and that’s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it.

We are seeking a Product Security Engineer II to join our growing security team. This role will be critical in ensuring the security of our products across the entire software development lifecycle (SDLC) and provide support on different security initiatives. You will work closely with engineering, product, and operations teams to embed security best practices from design through to deployment.

• Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI
• AWS
• MySQL, DynamoDB, Redis
• Kubernetes, Ambassador, Helm, Rancher

• Support in executing a comprehensive product security strategy that aligns with the company's goals and risk appetite.
• You will work hands on across code, infrastructure, and CI/CD to create agents, services and pipelines that detect, prevent and remediate risks leveraging AI where it adds value. 
• Design, build and operate security automation for the SDLC (code scanning, dependency risk management, secrets detection, policy-as-code) integrated into CI/CD. 
• Perform Manual Design and Implementation Reviews of Greenlight products and services from a security perspective.
• Establish and enforce secure development standards (i.e. API security, Security patterns, IaC, etc.)  and best practices across the organization.  
• Serve as SME on the practical security of our AI and LLM ecosystem. Lead threat modeling exercises for novel AI systems applying advanced security and privacy best practices. 
• Leverage automations and tools to continuously test, fuzz and validate products and platform components for security issues.
• Perform Penetration testing and retesting to validate fixes.
• Responsible for triaging findings from security researchers and leading incident response for PSIRT.
• OnCall support for incident response and lead product-related security events and vulnerabilities.
• Foster a culture of security awareness and ownership across the Engineering and Product organizations.
• Stay current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes.

• 5+ years of experience finding security vulnerabilities, security code reviews  and knowledge of secure code development for the technology stack at Greenlight.
• 2-4 years experience with the threat modeling process and ability to find design problems based on technical architecture and data flow diagrams.
• Experience with exploiting common security vulnerabilities 
• Deep technical knowledge of web and mobile application security, common vulnerabilities, secure coding practices, common exploit mitigations and secure architecture patterns.
• Experience integrating or building AI-powered tools to assist with vulnerability detection, code review or threat modeling. 
• Experience creating software that enables security processes especially those leveraging AI/ML for automation or augmentation. 
• End to end experience on implementing and managing tools for Product Security (i.e. API Security, Mobile Protection, SAST, runtime scanning, etc.)
• Experience with software development and automation that enables security processes. Deep technical knowledge of CI/CD pipelines and relevant tools for web and mobile applications. 
• Hands-on experience with security tools for SAST, DAST, IAST, and penetration testing. Fuzzing skills are good to have. 
• Skilled in scripting, automation and exploit writing. 
• Strong understanding of cloud security principles in AWS environments.
• Strong communication skills with the ability to articulate complex security concepts to both technical and non-technical audiences. 
• Strong product sense for rapid iteration and refinement based on data, combined with a collaborative mindset to work closely with engineers, product managers, and security analysts in a fast-paced environment.

• Strong at abstraction turning bespoke engagements into reusable patterns and reference implementation.
• Security assessment of IoT hardware/firmware
• Contribution to security community including public research, bug bounty, presentations, blogs, etc
• Experience at Fintech or similar regulated companies
• Startup Agility and stay curious mindset

Who we are:

It takes a special team to aim for a never-been-done-before mission like ours. We’re looking for people who love working together because they know it makes us stronger, people who look to others and ask, “How can I help?” and then “How can we make this even better?” If you’re ready to roll up your sleeves and help parents raise a financially smart generation, apply to join our team.

Greenlight is an equal opportunity employer and will not discriminate against any employee or applicant based on age, race, color, national origin, gender, gender identity or expression, sexual orientation, religion, physical or mental disability, medical condition (including pregnancy, childbirth, or a medical condition related to pregnancy or childbirth), genetic information, marital status, veteran status, or any other characteristic protected by federal, state or local law.

Greenlight is committed to an inclusive work environment and interview experience. If you require reasonable accommodations to participate in our hiring process, please reach out to your recruiter directly or email recruiting@greenlight.me.