Redwood City, CA
At Wealthfront we have an ambitious vision to optimize and automate all your personal finances. By delivering our service exclusively through software, we can also offer very low fees and account minimums. Over the past six years our clients have rewarded us with $10 billion to manage and we have attracted some of the best venture capital firms in the business including Benchmark Capital, Greylock, Index Ventures and Social Capital. We recently closed a $75 million round of funding from Tiger Global and are rapidly growing our team. So if you're passionate about helping people secure their ambitions while helping to change an industry, keep reading.
The Security team's mission is to secure our products and by extension, protect our clients and their accounts. Our security program has two goals: being security specialists for our product and engineering teams and ensuring the security of Wealthfront’s systems and data.
Reporting to our Head of Security, you'll work with our engineering teams to enhance the security of our product throughout the development and deployment lifecycle. At Wealthfront, Security is part of our Engineering organization, so you’ll need to be comfortable engaging as a partner and collaborator.
- Drive our security efforts around vulnerability discovery and remediation
- Perform penetration tests and security reviews, and coordinate activities across our security testing vendors and bug bounty program
- Hunt for security weaknesses, misconfigurations and insecure code within our environment
- Identify, coordinate, lead, and deliver security projects
- Build automated security tests, tooling, monitoring, and alerting
- Research security vulnerability disclosures to identify new threats
- Participate in security response and join the security on-call rotation (~ 1 week / month)
- Mandatory: 2+ years experience in one of the following security domains: pentesting, fuzzing, source code analysis, vulnerability scanning, threat intelligence
- Understanding of current security threats, real-world attacks and mitigations for web applications and supporting infrastructure
- Proficiency in incident management and response processes
- Ability to evaluate and clearly communicate security options and tradeoffs
- Knowledge of secure coding practices, and a passion for helping other engineers embody them
- Experience programming in at least one scripting language
- BS or MS in computer science or related field, or equivalent professional experience
- We employ engineers with diverse backgrounds, and you’ll be a good candidate for this position if you have experience in any of the following:
- Development experience using Java, Python, Go, or Ruby
- Knowledge of web application vulnerabilities and attack methods including CSRF, XSS, file include, SQL Injection etc.
- Experience with threat modeling, web application security assessments, and security testing methodologies such as fuzzing and source code analysis
- Threat management and IOC sharing (STIX)
- Familiarity with ops-trust, FIRST, OWASP, NIST, CVE, CVSS, etc
- Tools such as: burpsuite, w3af, BeEF, Nessus, Nexpose, Seccubus, shodan, Metasploit, Qualys, tcpdump, or wireshark
- Automated testing, continuous integration / continuous deployment (Jenkins), or configuration management (Chef / Puppet)
About Wealthfront: For more information please visit www.wealthfront.com.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
This position is open to any individual currently authorized to work lawfully in the United States, and Wealthfront sponsors visa transfers for candidates if required. International candidates who are eligible for visas that are not subject to USCIS visa cap restrictions (eg: E-3, O-1A & TN) are also welcome to apply. Additionally, Wealthfront sponsors permanent residence applications for employees with no cooling-off period.