Senior Product Security Engineer

Affirm, Inc.
Canada
$150K-$200K a year
Remote
Full-time

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

Affirm values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural in Affirm, enabling the company to succeed in building honest financial products.

The Security team posture increases security and reduces risk while securely enabling access to information for those who need it!

The Senior Product Security Engineer candidate will have experience building and architecting software as part of a larger team.

The ideal candidate will work effectively with product and engineering teams to evaluate and influence product requirements, design, and implementation to improve the security of Affirm’s products.

What You'll Do

  • Partner with Affirm product teams to ensure that security is included in every phase of the product development lifecycle.
  • Conduct threat modeling and architecture reviews to ensure threats are understood, documented, and mitigated.
  • Review and analyze product source code to identify security vulnerabilities and provide recommendations for secure implementation.
  • Seek out opportunities to automate processes when appropriate.
  • Identify emerging classes of vulnerabilities and developing solutions for them before they’re a problem.
  • Assist product teams in the development of security focused test cases to enforce security requirements.
  • Advise product teams on business security requirements early in the product development lifecycle.
  • Decompose large, cross-team projects into individual tasks. Manage scope across teams and drive toward project closure.

What We Look For

  • Deep understanding of web application architecture and design principles.
  • Experience using modern software development and delivery techniques to develop cloud-based services. Python, Kotlin, Java, AWS, and Azure experience preferred.
  • Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
  • Experience with PCI or other regulated environments.
  • Experience conducting threat models for complex, distributed products using standard threat modeling techniques and methodologies.
  • Experience with standard authentication mechanisms, including SAML and OAuth2.
  • Understanding of continuous integration / continuous deployment processes and tools.
  • BS degree in related field or equivalent experience. MS degree in a related field or equivalent experience is a plus.

Pay Grade - N

Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.

Base pay is part of a total compensation package that may include monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents).

In addition, the employees may be eligible for equity rewards offered by Affirm Holdings, Inc. (parent company).

CAN base pay range per year : $150,000 - $200,000

30+ days ago
Related jobs
Affirm, Inc.
Canada
Remote

The ideal candidate will work effectively with product and engineering teams to evaluate and influence product requirements, design, and implementation to improve the security of Affirm’s products. The Senior Product Security Engineer candidate will have experience building and architecting software...

Dropbox
Canada
Remote

As we evolve from syncing and sharing files to providing advanced solutions for collaboration and distributed work, we are looking for a Senior Software Engineer to join our Privacy Engineering team. Our Privacy Engineering team is crucial in ensuring that our products maintain the highest standards...

1Password
Canada
Remote

Own the delivery and success of security engineering projects that span engineering teams. Minimum of 4 years combined experience in software and/or security engineering. Hands-on experience building or implementing solutions in one or more of the following security problem domains on the production...

Dropbox
Canada
Remote

Our Product Engineers are at the forefront of crafting the seamless, intuitive user interfaces that millions rely on for their data interaction and collaboration needs. Our Engineering Career Framework is and describes what’s expected for our engineers at each of our career levels. Develop customer-...

Grammarly
Canada

To achieve our ambitious goals, we’re looking for a Security Engineer to join the Grammarly Product Security team. As a Security Engineer in Product Security, you will:. Partner with the product and engineering teams to integrate reproducible security practices into the product development lifecycle...

Dropbox
Canada
Remote

Product Engineers thrive working across technologies and codebases, but are also involved in leading various product development cycle stages. As we’re evolving the core business from syncing and sharing files, we are looking for Software Engineers to come build the next generation of new products f...

ClickUp
Canada

Build relationships with other engineers, product managers, data engineers, operators, and security team members to enable shipping a secure product. We're looking for a Security Engineer, AppSec for an engineering-focused security team. The security team at ClickUp works to build and share technolo...

1Password
Canada
Remote

Minimum of 4 years of combined experience in the IT or security space, related to enterprise security or Detection and Response. Partner with other members of the security organization to establish security guidelines that enable the organization to move fast in a safe and secure manner. Experience ...

BMO
Canada, Canada

The Application Security Testing Engineer reports to the Lead of DevSecOps and assists with the security testing activities for BMO based applications. The role will be responsible for the execution and coordination of Static and Dynamic Application Security Testing (SAST/DAST), provides information...

Equinix
Remote, Canada
Remote

Senior Staff Engineer, Product Software. We are looking for an experienced Senior DevOps Engineer to help us build and operate a highly scalable, available, and distributed multi cloud networking software stack. We hire hardworking people who thrive on solving challenging problems and give them oppo...