Senior Security Engineer
- Palo Alto, CA
Earnin is a community-supported financial platform with a suite of tools that let people take control of their financial future. Earnin started out by solving one of the greatest – and least discussed – inequities in the American financial system: the practice of employers paying workers bi-weekly. Earnin's core product, Cash Out, allows people to access the pay they've already earned. There are no loans or hidden costs. People pay what they choose. Other products include: Balance Shield, which helps prevent overdrafts, a financial calendar that helps people budget and schedule payments, and Tip Yourself - a revolutionary free social savings app.
Funding: Series C, current funding partners include Andreessen Horowitz, DST, Matrix Partners, Ribbit Capital, Felicis Ventures and March Capital.
Join us and help build a new financial system focused on fairness and people’s needs.
You can help make a difference!
This hands-on position will serve as EarnIn’s Cybersecurity Architect, providing oversight and coordination and delivering the activities that support successful internal and external compliance and regulatory activities. This role is responsible for architecting and implementing a security architecture that will ensure data security. It also ensures the ongoing effectiveness of Cybersecurity controls, working with a variety of control owners within the Cybersecurity organization and evaluating control design and standards in a variety of program areas. Areas of focus include ongoing internal audits, annual compliance and regulatory activities with QSAs, Technology Risk, and Enterprise Risk. This position requires an individual who can effectively balance the individual elements of each of these activities while keeping the overall program on track for annual certification. This position will also support the sharing and dissemination of this information to external customers and clients. This role will report directly to the CISO.
What You'll Do:
- Provide information security consulting services to internal groups and development teams to assess risk and ensure implementations are consistent with security standards. These services will include architecture review, vulnerability assessment, threat analysis, exception review, and more.
- Improve the security posture of the application and supporting production environment by evaluating and leading deployment of security related tools, products, and processes. Manage and collaborate in systems and network security installation, configuration, and review.
- Oversee vulnerability management program involving the performance of internal penetration tests and managing engineering triage for third party penetration tests. Proactively assess potential items of risk and opportunities of vulnerability in the network. Perform regular application and infrastructure vulnerability assessments.
- Oversee the risk management, user training and awareness programs.
- Manage a variety of day-to-day security operational tasks. Manage security event monitoring and security incident management, vulnerability assessment, compliance monitoring and data loss prevention.
- Design, implement and support security-focused tools and services. Guide secure infrastructure deployments (e.g. firewalls, networks, services).
- Promote security principles and enforce security policy by consulting and collaborating with architecture, network engineering, engineering and development, and IT/Corporate areas. Contribute to the development of security policies and processes.
- Lead in technical aspects of security compliance (e.g. PCI, SAS70, SOX). Review and recommend new security products as necessary, conduct regular audits of systems to ensure security standards and processes are being followed, and manage internal and external security audit interaction.
What We're Looking For:
- 10+ years of security experience in relevant security domains (e.g. compliance, audit, security risk management), with 5+ years of management experience.
- Experience implementing and maturing a security program based on PCI, HIPAA and SOC2.
- Experience implementing a privacy program based on privacy regulations such as CCPA and GDPR.
- One or more industry certificates e.g. CISSP, CISA, CISM, CRISC, CIPP.
- Experience recruiting and building out high performing security teams.
- Experience implementing and maturing a security program in the fast-paced FinTech or HealthTech industry is highly desirable.