Senior Product Security Engineer collaborating with product teams to enhance security at Affirm. Involved in threat modeling, source code review, and security best practices throughout product lifecycle.
Responsibilities
Partner with Affirm product teams to ensure that security is included in every phase of the product development lifecycle.
Conduct threat modeling and architecture reviews to ensure threats are understood, documented, and mitigated.
Review and analyze product source code to identify security vulnerabilities and provide recommendations for secure implementation.
Seek out opportunities to automate processes when appropriate.
Identify emerging classes of vulnerabilities and developing solutions for them before they’re a problem.
Assist product teams in the development of security focused test cases to enforce security requirements.
Advise product teams on business security requirements early in the product development lifecycle.
Decompose large, cross-team projects into individual tasks. Manage scope across teams and drive toward project closure.
Requirements
Deep understanding of web application architecture and design principles
Experience using modern software development and delivery techniques to develop cloud-based services. Python, Kotlin, Java, AWS, and Azure experience preferred.
Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
Experience with PCI or other regulated environments.
Experience conducting threat models for complex, distributed products using standard threat modeling techniques and methodologies.
Experience with standard authentication mechanisms, including SAML and OAuth2.
Understanding of continuous integration / continuous deployment processes and tools.
BS degree in related field or equivalent experience. MS degree in a related field or equivalent experience is a plus.
Benefits
Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
Security Developer coordinating vulnerabilities and malware issues for the Python Software Foundation. Collaborating with teams to enhance security practices and document threat models.
Presales Security Expert supporting sales leads and educating customers on security at Fortinet. Responsible for technical resource during sales calls and post - sales training.
IAM Director managing customer - facing identity and access management security programs at RBC. Assessing risks, developing controls, and ensuring compliance with standards and regulations.
Lead AI Red Team focusing on adversarial testing and security for enterprise - scale AI systems. Collaborate with engineering and compliance to map vulnerabilities and document findings.
Intern in operational security at Investissement Québec, supporting security alert management and vulnerability tracking in a supervised learning environment.
IT Information Security Lead at Mirego, responsible for technology and information security management. Overseeing compliance and IT strategies while maintaining operational efficiency.
Cybersecurity Specialist focusing on offensive security for Exposant 3. Performing penetration testing, security audits, and team knowledge transfer in a hybrid work setup.
Financial security advisor in life and health insurance, developing and maintaining client relationships. Selling insurance products and assessing customer needs to provide personalized solutions.
Senior Security Engineer designing and maintaining Microsoft 365 security solutions at ResMed. Focusing on compliance, incident response, and collaboration with global teams.
Senior Infrastructure professional solving practical security challenges and improving enterprise systems security at Confluence. Focused on implementation, remediation, and secure operations across Windows and Linux environments.