Staff Product Security Engineer

Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family’s future. Kids and teens learn to earn, save, spend wisely, and invest. 

At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It’s no small task, and that’s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it.

We are seeking an experienced and motivated Staff Product Security Engineer to join our growing security team. This role will be critical in ensuring the security of our products across the entire software development lifecycle (SDLC). The ideal candidate will be a technical leader, capable of driving product security initiatives end to end. You will work closely with engineering, product, and operations teams to embed security best practices from design through to deployment.

As a Staff Product Security Engineer, you will be responsible for ensuring the security of Greenlight’s products and services from conception to launch and beyond, as well as operating the processes along with the team. You will play a critical role in shaping our security posture, embedding security into our development lifecycle, and protecting our customers' data.

This role reports to the Sr Director, Security GRC & Trust

• Support in developing and executing a comprehensive product security strategy that aligns with the company's goals and risk appetite.
• Foster a culture of security awareness and ownership across the Engineering and Product organizations.
• Integrate security best practices and automated tooling into the entire Software Development Lifecycle (SDLC), from design and threat modeling to testing and deployment.
• Establish and enforce secure development standards (i.e. API security, coding, IaC, etc.)  and best practices across the organization.
• Oversee the application security program, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and manual penetration testing.
• Partner closely with engineering, product, and platform teams to prioritize and remediate security vulnerabilities in a timely and efficient manner.
• Establish and manage a mature incident response process for product-related security events and vulnerabilities.
• Partner with engineering, product, and platform teams to enhance Greenlight Application’s security features.
• Stay current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes.

• Deep technical knowledge of web and mobile application security, common vulnerabilities (OWASP Top 10), and secure coding practices.
• Deep technical knowledge of CI/CD pipeline and relevant tools for web and mobile applications
• End to end experience on implementing and managing tools for Product Security (i.e. API Security, Mobile Protection, SAST, runtime scanning, etc.)
• Hands-on experience with security tools for SAST, DAST, IAST, and penetration testing.
• Strong understanding of cloud security principles in AWS environments.
• Excellent communication skills with the ability to articulate complex security concepts to both technical and non-technical audiences.
• Plus: Experience with security tools such as Burp Suite, Metasploit, Kali Linux
• Plus: Background in financial services, fintech, or highly regulated industries
• Plus: Hands-on certifications (e.g. OSCP, Certified Ethical Hacker, SANS) and/or demonstrated code projects. Please share your github or public code samples with us!

• Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI
• AWS
• MySQL, DynamoDB, Redis
• Kubernetes, Ambassador, Helm, Rancher

• Medical, dental, vision, and HSA match 
• Paid life insurance, AD&D, and disability benefits 
• Traditional 401k with company match
• Unlimited PTO 
• Paid company holidays and pop-up bonus holidays 
• Professional development stipends
• Mental health resources  
• 1:1 financial planners
• Fertility healthcare
• 100% paid parental and caregiving leave, plus cleaning service and meals during your leave
• Flexible WFH, both remote and in-office opportunities
• Fully stocked kitchen, catered lunches, and occasional in-office happy hours
• Employee resource groups

Our stance on salaries:

Greenlight provides a competitive compensation package with a market-based approach to pay and will vary depending on your location, experience and skill set. The total compensation package for this position will also include a discretionary performance bonus, equity rewards, medical benefits, 401K match, and more. Greenlight conducts continuous compensation evaluations across departments and geographies to ensure we are keeping our pay current and competitive.

The estimated base pay range for this position in (NY, CA, WA): $165,000-200,000

The estimated base pay range for this position in (CO): $165,000-185,000

Who we are:

It takes a special team to aim for a never-been-done-before mission like ours. We’re looking for people who love working together because they know it makes us stronger, people who look to others and ask, “How can I help?” and then “How can we make this even better?” If you’re ready to roll up your sleeves and help parents raise a financially smart generation, apply to join our team.

Greenlight is an equal opportunity employer and will not discriminate against any employee or applicant based on age, race, color, national origin, gender, gender identity or expression, sexual orientation, religion, physical or mental disability, medical condition (including pregnancy, childbirth, or a medical condition related to pregnancy or childbirth), genetic information, marital status, veteran status, or any other characteristic protected by federal, state or local law.

Greenlight is committed to an inclusive work environment and interview experience. If you require reasonable accommodations to participate in our hiring process, please reach out to your recruiter directly or email recruiting@greenlight.me.