Senior Security Engineer

Summary

Join EarnIn's security team as a highly skilled Offensive Security Engineer. This full-time, remote position offers a competitive salary ($186,300 - $227,700) plus equity and benefits. You will conduct penetration testing, identify vulnerabilities, and provide recommendations to enhance security. Collaboration with engineering teams and thorough documentation are crucial. The ideal candidate possesses extensive experience in penetration testing, security architecture reviews, and vulnerability management, along with strong programming skills and familiarity with various security tools and frameworks. EarnIn values diversity and inclusion.

Requirements

• Strong experience in penetration testing, including identifying and exploiting security flaws in web applications, APIs, and infrastructure
• Proficiency in security architecture reviews, understanding of secure design principles, and ability to communicate findings effectively
• Experience creating and critically reviewing data flow diagrams (DFDs) to identify security issues
• Excellent attention to detail and ability to document findings thoroughly
• Programming experience (Python, Java, JavaScript, or similar)
• Experience with security tooling such as Nmap, Burp Suite, Metasploit, or custom-built security scripts
• Familiarity with threat modeling methodologies and security frameworks (e.g., STRIDE, OWASP, NIST)
• Strong understanding of web application security, authentication mechanisms, and cloud security principles
• Ability to work cross-functionally with product, engineering, and security teams to integrate security at every stage of development
• Knowledge of container security (Docker, Kubernetes) and cloud platforms (AWS, Azure)
• Understanding of vulnerability management processes and security risk assessment frameworks

Responsibilities

• Conduct internal penetration testing on our product to identify security vulnerabilities and assess risk
• Perform security architecture reviews for new product features, ensuring robust design and threat mitigation
• Create, analyze, and critically review data flow diagrams (DFDs) to identify potential security weaknesses
• Collaborate with engineering teams to provide secure design recommendations and integrate security best practices
• Ensure thorough documentation and attention to detail in security assessments and findings
• Assist with vulnerability management, including reviewing security findings and prioritizing remediation
• Help develop and maintain security guidelines, best practices, and technical documentation
• Stay updated on the latest security threats, attack techniques, and defensive strategies
• Provide mentorship and security guidance to engineering teams when needed

Benefits

• Equity
• Benefits
• Remote work