Security Engineer

Redwood City, CA
Engineering
Full-time

At Wealthfront we have an ambitious vision to optimize and automate all your personal finances. By delivering our service exclusively through software, we can also offer very low fees and account minimums. Over the past six years our clients have rewarded us with $10 billion to manage and we have attracted some of the best venture capital firms in the business including Benchmark Capital, Greylock, Index Ventures and Social Capital. We recently closed a $75 million round of funding from Tiger Global and are rapidly growing our team. So if you're passionate about helping people secure their ambitions while helping to change an industry, keep reading.

The Security team's mission is to secure our products and by extension, protect our clients and their accounts. Our security program has two goals: being security specialists for our product and engineering teams and ensuring the security of Wealthfront’s systems and data.

Reporting to our Head of Security, you'll work with staff across the company, to enhance the security of our product throughout the development and deployment lifecycle. At Wealthfront, Security is part of our Engineering organization, so you’ll need to be comfortable engaging as a partner and collaborator.

Responsibilities

    • Ensure the security of our codebase, production infrastructure and client data
    • Collaborate with engineering and product to continuously improve our security posture
    • Mentor engineers on security engineering and best practices
    • Identify, coordinate, lead, and deliver security projects
    • Build automated security tests, tooling, monitoring, and alerting
    • Research security vulnerability disclosures and design and propose appropriate mitigations
    • Participate in security response and join the security on-call rotation (~ 1 week / month)

Requirements

    • Mandatory: 2+ years engineering experience in any security domain (eg: SDL, pentesting, fuzzing, threat modeling, attack surface reduction, source code analysis tools, vulnerability scanning, SIEM, threat intel, SecOps, CorpSec, ProdSec, DevOps)
    • Understanding of current security threats, real-world attacks and mitigations
    • Ability to evaluate and clearly communicate security options and tradeoffs
    • Significant knowledge of secure coding practices, and a passion for helping other engineers embody them
    • Experience programming in at least one scripting language
    • BS or MS in computer science or related field, or equivalent professional experience

Relevant Skills

    • We employ engineers with diverse backgrounds, and you’ll be a good candidate for this position if you have experience in any of the following:
    • Software development experience in Java
    • Automated testing, continuous integration / continuous deployment (Jenkins), or configuration management (Chef / Puppet)
    • Hands on experience analyzing network traffic (HTTP, TLS, DNS, etc)
    • Linux systems, TCP/IP networking, routing, firewalls, or IDS
    • Experience with secure networking best practices
    • Experience implementing security features in hybrid bare-metal/hosted environments such as full disk encryption
    • Tools such as: burpsuite, w3af, BeEF, Nessus, Nexpose, Seccubus, shodan, Metasploit, Qualys, tcpdump, or wireshark
    • Familiarity with ops-trust, FIRST, OWASP, NIST, CVE, CVSS, etc

About Wealthfront: For more information please visit www.wealthfront.com.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

This position is open to any individual currently authorized to work lawfully in the United States, and Wealthfront sponsors visa transfers for candidates if required. International candidates who are eligible for visas that are not subject to USCIS visa cap restrictions (eg: E-3, O-1A & TN) are also welcome to apply. Additionally, Wealthfront sponsors permanent residence applications for employees with no cooling-off period.