Staff Engineer, Security at Chipper Cash

About Our Tech Stack

• Node.js + Typescript service-based architecture
• React Native Android/iOS application
• PostgreSQL application databases
• RabbitMQ for inter-server communication
• Server hosting on Heroku and Google Cloud Platform
• Fully automated CI/CD using Heroku CI and Github
• Application monitoring with Datadog, Logz.io, and Amplitude
• Snowflake for data warehousing and analysis
• Python for in-depth data analysis, transformation, and reporting

What You Will Work On

• Security engineering at Chipper spans the full-stack - this role involves gaining an understanding of the technical architecture of the Chipper Platform, continuously examining different attack surfaces, and proactively identifying and implementing security-hardening measures.
• Security engineering at Chipper is also a heavily collaborative role. Security is a principle that permeates everything that we work on, and the security engineering team works with a wide variety of other teams in order to spread understanding of potential vulnerabilities and to instill a security-focused mindset within everything we do.

Some examples of responsibilities include:

• Actively participating in project planning, code reviews, and spec reviews, to assist in hardening the design and implementation of a wide variety of projects
• Collaborating with the the data intelligence team to identify new queries, analysis pipelines, ML models, and alerts to be built in order to detect security-relevant activity
• Working with the DevOps team to verify full firewall coverage, and managing internal key storage and access controls
• Integrating with new security software vendors and managing current security-related software integrations
• Orchestrating penetration tests and other security-related accreditation with external firms
• Working with different product teams to harden various 3rd-party API integrations with enhanced connection verification and scheduled credential rotations
• Brainstorming with the design team to create user-facing systems that are secure and easy to use

What You Should Have
The role isn't very focused on being an expert on any specific security domain (such as in a specific language or framework or layer of the application stack) - the most important skills are:

• Having an inquisitive, curious, and investigative mindset - thriving at independently reviewing designs and codebases and seeking out potential vulnerabilities
• Broad full-stack technical ability - being able to quickly gain familiarity with different technologies in-use throughout the team in order to competently understand the code and system designs

Great To Have

• Past experience in a role with significant security engineering responsibilities
• Past experience with fintech and early-stage startups
• Leadership interest and/or experience
• Familiarity with our tech stack - Node.js, Typescript, Python, React Native, RabbitMQ, PostgreSQL, Snowflake
• Familiarity with our tool stack - ELK, Datadog, Cloudflare, Heroku, AWS, GCP, Retool