Experienced Security Engineer - Product Security

We believe that the way people interact with their finances will drastically improve in the next few years. We’re dedicated to empowering this transformation by building the tools and experiences that thousands of developers use to create their own products. Plaid powers the tools millions of people rely on to live a healthier financial life. We work with thousands of companies like Venmo, SoFi, several of the Fortune 500, and many of the largest banks to make it easy for people to connect their financial accounts to the apps and services they want to use. Plaid’s network covers 12,000 financial institutions across the US, Canada, UK and Europe. Founded in 2013, the company is headquartered in San Francisco with offices in New York, Washington D.C., London and Amsterdam. #LI-Remote

The mission of Plaid's Product Security Team is “Improve our customer’s trust by assuring secure development and delivery of products and services, minimizing risk to the ecosystem, and preventing security incidents.”

The Product Security team is responsible for managing the security processes, policies and controls to secure Plaid’s developer and consumer facing products. The product security team is focused on areas like Application Security, Vulnerability Management, Secure Architecture and Coding, Penetration Testing and Cloud Security.

As a Product Security Engineer, you will work with the Engineering team to build secure products, ensuring security controls are available by default and educating stakeholders on best practices and standards. You will build and implement runtime protection on Plaid’s live products by implementing security solutions like automated security scanners, and runtime application protections. You will also participate in security reviews, threat modeling and building secure architecture standards for products deployed on AWS. You will detect vulnerabilities and triage them with appropriate owners, use vulnerability remediation tools and practices, and follow compliance standards and frameworks but at the same time ensuring you compliment developer velocity and developer satisfaction is a top priority. 

Major projects may include building/installing application security testing tools, refining a vulnerability management program, deploying and testing interceptors/wrappers for runtime protection, partnering with strategic teams to help minimize the risk earlier and also coordinating with other security and engineering teams to standardize security policies and standards.

Responsibilities

• Lead product security processes and controls focused on secure development and vulnerability remediation of Plaid products.
• Lead secure design and threat modeling exercises with product and development teams and provide feedback during all phases of the development lifecycle.
• Partner with engineering teams to identify and solve complex security problems.
• Conduct thorough technical security assessments and provide expert security opinion to minimize risk in Plaid products.
• Conduct security testing during product development and in the production environment.
• Maintain and create secure development practices and programs for our engineering teams and external developers.
• Understand global events and trends to influence key technical decisions and ensure the security of Plaid products
• Scaling the impact of security teams by mentoring security engineers.
• Build training programs to educate the engineering team in secure development concepts. 

Qualifications

• 7+ years of experience in implementing and leading product security controls and processes like secure SDLC, security champions, VM, bug bounty, threat and risk assessment, etc.
• Excel in secure architecture and development concepts.
• Hands on skill in building developer centric security solutions.
• Expertise in areas like shift-left, secure development, vulnerability management and risk management.
• Knowledge of securing applications deployed using docker, kubernetes, and public cloud like AWS.
• Strong in both upward and downward communication of security updates and reports.
• Experience in using security testing tools like Burp.
• Have deployed common application security testing tools for early vulnerability management at scale. 
• Familiar with OWASP top 10 and CWE top 25 standards.

Our mission at Plaid is to unlock financial freedom for everyone. To support that mission, we seek to build a diverse team of driven individuals who care deeply about making the financial ecosystem more equitable. We recognize that strong qualifications can come from both prior work experiences and lived experiences. We encourage you to apply to a role even if your experience doesn't fully match the job description. We are always looking for team members that will bring something unique to Plaid!

Plaid is proud to be an equal opportunity employer and values diversity at our company. We do not discriminate based on race, color, national origin, ethnicity, religion or religious belief, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, military or veteran status, disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state, and local laws. Plaid is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance with your application or interviews due to a disability, please let us know at [email protected].

Please review our Candidate Privacy Notice here.