Infrastructure Security Engineer

Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your role is to help design, implement, test, and operate the security infrastructure that makes it possible to deliver on that promise every single day.

What will you do?

  • Support engineering, infrastructure, security, and IT teams to continuously improve the systems and processes that provide the detective, preventive and corrective security controls for all Credit Karma environments.
  • Conduct internal and coordinate external penetration testing activities.
  • Research new and emerging technologies and the unique threats they face.Help to guide secure design, deployment and operation.Detect, respond to, and remediate security incidents, using lessons learned to improve Credit Karma systems and processes and prevent similar events in the future.Streamline patch management activities.
  • Support vendor and partner security assessments.
  • Balance security and business requirements in collaboration with diverse teams across the entire organization.
  • Challenge hundreds of product and services companies to help us stay on the leading edge of security innovation.
  • Contribute back to communities solving the same kinds of problems.

What’s great about it?

  • Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
  • Tackling a wide variety of challenges, as opposed to being limited to just a few areas of responsibility.
  • Solving security problems at scale in a highly technology-focused team.
  • Spending zero minutes convincing anyone why security is important - we all understand that very well already!

What do we expect?

  • B.S. in Computer Science or related technical major, or significant job experience.
  • Minimum 5 years experience with internet-facing production infrastructure.
  • Minimum 2 years operational security experience.
  • Technical depth in several of the following areas, and broad familiarity with most: network routing, layer 3/4/7 firewalls, virtualization, containerization, virtual terminal solutions, intrusion detection/prevention, OSS security tools, vulnerability scanners, Splunk/Splunk ES, SaaS security, utility computing, PKI, HTTP-based SOA/microservices, OWASP/WASC, LAMP stack, Node.js, Scala/Java, CI/CD pipeline, mobile, and Identity and Access Management.Familiarity with InfoSec control frameworks and how they can be realistically implemented.
  • Artful communication skills and organizational savvy, to steer peers toward solutions that carefully balance business, risk, compliance, and engineering concerns.
  • Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
  • A fun and positive attitude!


Back to top