Senior Application Security Engineer

Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is essential to our continued success. From the CEO down to each individual developer, everyone views security as a personal responsibility. Your mission as a Senior Application Security Engineer is to identify potential threats and vulnerabilities, educate engineers, mentor team members, and communicate with engineers to resolve any issues identified.

What the Job Entails

  • We perform security reviews over a wide variety of exciting domains, from getting the first glance at new microservices to our transition into the cloud. There are many products and services in which you can make an impact.
  • We're responsible for securing the company code and third-party libraries. We are integrated with CI/CD pipelines and automating our way to a scalable solution; the kind of solution you can contribute to by writing code and directly working with engineers to further the adoption of our security tools.
  • Our mission is a real priority in the company. You will see that, from the required security training in the first week of engineering onboarding to our internal security champions program, security is at the forefront of every employee's mind. We own this part of the security program and are always looking to build out our internal training and awareness.
  • Our SDLC is integrated with the company's processes, and we work closely within our wider security organization to manage risk, coordinate, and move the entire company forward in our mission.

Your Expertise

  • You have a B.S. in Computer Science or related technical major or significant job experience.
  • You have a minimum of 5 years of experience in the security industry. We welcome both red team and blue team members.
  • You have worked in engineering or with engineers during your career, so you understand their work and obligations. Application Security works together with Engineering to meet both business needs and security requirements.
  • Do you have expertise in some of these technologies? iOS, Android, GCP, JIRA, Git, CircleCI, Jenkins, Artifactory, Consul, Kubernetes, webpack, React, GraphQL, Apollo, Finagle, MySQL, Splunk, InfluxDB, Grafana, Node.js, TypeScript, PHP, and Scala.
  • You are an expert in security vulnerabilities, knowledgeable in testing and remediation, and can communicate all of these concepts to your partners in engineering.
  • You can share your knowledge throughout the company through public speaking and training programs.
  • Have you contributed to maintained multi-contributor security tools? Have you presented at security conferences and meetups? We want to hear about how you would take our program to the next level.
  • Communication and teamwork are important; interpersonal skills and the ability to work together with organizations will be key to your success.
  • Eagerness to challenge the status quo, balanced with a reasonable and helpful approach to effecting change.


