Senior SecDevOps Engineer
New York, NY /
SeedFi is a mission-driven startup dedicated to improving the financial well-being of the 100 million Americans who live paycheck to paycheck. Our mission is to help our customers realize their financial potential by providing responsible credit while helping them establish savings and improve their credit profiles
Unlike most startups in this space, which tweak existing products, we're re-imagining financial services from the ground up. Our goal is to leave our customers better off than when we found them.
About the role
As our first SecDevOps engineer, you will manage and secure our financial lending system, which includes everything from securing and handling our cloud provider (AWS), helping with deploys and deployment systems, infosec policies, working with our engineers to secure our application with industry leading methodologies, SOC certification, data protection, penetration tests, incident response, security investigations, audit third party relationships, work with other team members to ensure that software is secure as it is being developed, and more.
This is your opportunity to be an early team member at a well funded fintech startup that has a successful founding team on a mission to help the 100M Americans who live paycheck to paycheck build credit and save money. This will be our first DevSecOps hire - so you’ll be able to have an influence on just about everything!
What you'll be doing
- Design, build, and own the security mechanisms and features that we use to protect the entire lifecycle of our lending and payment products in production and at scale.
- Drive the development of Security and DevOps culture, process, and pipeline.
- Review critical sections of our code base and pentest high risk endpoints.
- Establish processes classifying risks in application or design changes before public releases.
- Build, prototype, implement, and automate vulnerability discovery and reporting tools.
- Validate, risk rank, document, and prioritize remediation for external vulnerability reports and 3rd party security assessments
- Encourage and train developers in secure coding practices.
- Continuously improve our Application Security Program and actively take part influencing its roadmap.
- Manage SOC certification and ongoing processes.
We're not looking for a security messiah who takes care of all of our security-related problems. We understand that good security requires a team-wide commitment and we're looking for a leader who can show us the way.
What we're looking for
- Deep knowledge about best security practices for software companies.
- Ideally 5+ years experience in a related role and up-to-date with SecDevOps culture & principals.
- Bonus points - fintech or lending/payments experience.
- Experience securing large-scale web & mobile applications, ideally using technologies like TypeScript, React, Node, AWS, ECS, Docker, Terraform, Redis, Postgres.
- Pragmatic and good at prioritization -- we want someone who can discern between actual security and security theater and advocate for the most important things.
- Excellent communication skills -- we want someone who can be a great consensus-maker, who can get all the right people in the room, communicate why things are important, and make a plan to get things done.
- Black boxes have their limits -- we hope you enjoy getting your hands dirty and diving into codebases yourself.
- If possible, review our Typescript / Terraform code and make pull requests yourself.
- Ideally, you've worked in a quickly growing company and you're empathetic to the many balls a company has to juggle.
We’re in a high-growth phase of our business and this is an opportunity to get in on the ground floor as we scale our initial products and build new financial products from scratch. Our ambitions are endless. Come help us build something great.
- Competitive compensation, equity, and benefits.A focus on transparency.
- We have regular all-hands and Q&A panels where employees can chat openly with our co-founders about our roadmap.
- Meaningful work that makes people's lives better.
- An inclusive and collaborative work environment that encourages agency and self-development.
- Our founding team has deep experience building and scaling fintech (and tech) companies from inception to profitable 1,000+ person businesses. Some of the companies we have helped build are: Oportun, Moat, and Prosper.
- Our engineering team comes from Moat, Bloomberg, ZocDoc, CreditKarma, Chime, and other great companies.
- We've raised $34 million of venture capital from some of Silicon Valley’s top venture capital and social impact funds including a16z, Flourish, and Core Innovation Capital.
- We have offices in San Francisco and New York.
- We are starting to reintegrate in-office time into our working routines with a long-term vision of creating a hybrid working environment that mixes in-office and remote time.
- Our goal is to utilize in-office time to effectively collaborate on complex projects and problems, build relationships across the organization, and engage in social activities.
- We also want to embrace the efficiency and effectiveness we have experienced over the last year and a half in getting individual contributor work done remotely.
- Specific working routines may vary depending on your role.