Security Engineer

SECURITY ENGINEER

At Current, we’re on a mission to enable our members to create better financial outcomes for themselves. Headquartered in NYC, we’re a leading U.S. fintech and one of the fastest growing companies with over 3 million members. No matter your title, we’re a team that collaborates on building great products and making an impact together.

Security Engineers are the core members of the security team bringing various specialities to bear on securing Current’s infrastructure and code. As a member of Current’s security operations team, you will help protect application and network boundaries, keeping Current’s systems hardened against attacks and providing security services to protect highly sensitive data. 

Successful Security Engineers will thrive in high-stress environments and can think like both an attacker and defender, engage with and work with other Security Engineers, as well as collaborating with cross-functional teams across Current to provide guidance on security best practices.

RESPONSIBILITIES:

• Ownership of efforts related to the securing of Current's SaaS infrastructure
• Collaborate with Current’s IT operations and core engineering teams to assure required controls are in place and documented within the context of Current’s security standards
• Provide subject matter expertise on architecture, authentication, and system security
• Assess security tools and integrate tools as needed, particularly open-source tools
• Identify, investigate, and mitigate information security risks with a focus on data protection and fraud exposures 
• Design infrastructure and drive its implementation to protect Current’s networks and systems
• Conduct security reviews of core corporate and production infrastructure
• Drive enterprise focused security improvements to Current products and services
• Build security tools and processes for critical infrastructure protection, monitoring and remediation

ABOUT YOU:

• B.S. Computer Science or equivalent experience
• 5+ years work experience in information systems security
• Experience with information systems security standards and practices (NIST 800-53, PCI-DSS, HIPAA, etc.)
• Conversant with system and application security risks, threats and vulnerabilities
• Demonstrated experience in cloud security delivered within the context of customer facing roles, preferably GCP
• Coding experience in one or more general purpose languages, preferably JAVA
• Experience with attacks and mitigation methods, working in two or more of the following: 
• Network protocols and secure network design
• Common security libraries, security controls, and common security flaws that could apply to Current’s applications.
• Discovery and patching SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)
• Common authentication technologies including OAuth, SAML, CAs, OTP/TOTP
• Browser-based security controls such as CSP, HSTS, XFO
• Standard web application security tools such as Arachni, Brakeman, and BurpSuite.
• Operating system internals and hardening (e.g. Windows, Linux, OS X, Android)
• Security assessments and penetration testing
• Authentication and access control
• Applied cryptography and security protocols
• Security monitoring and intrusion detection
• Incident response and forensics
• Development of security tools, automation or frameworks

BENEFITS:

• Base salary range of $160,000 to $230,000. Compensation is based on experience, technical skills, and qualifications which are assessed during the interview process. Total compensations includes equity(options) and comprehensive benefits detailed below:
  
  • 401(k) plan with company matching
  • Medical, Dental and Vision premiums covered at 100% for you and your dependents 
  • Commuter benefits 
  • Healthcare and Dependent care FSA benefit 
• Discretionary performance bonus program 
• Biannual performance reviews
• Flexible time off and paid holidays 
• Generous parental leave policy
• Employee Assistance Programs focused on mental health 
• Healthcare advocacy program for all employees 
• Access to mental health apps 
• Team building activities
• Our modern Chelsea-based office with open floor plan, stocked kitchen, and catered lunches