Staff Security Engineer - Application Security

Redwood City, California
Engineering – Security
Full-time
Are you looking for a high impact role where you would help build a secure and safer payment platform for millions of users? Would you be interested in testing the security of systems and software and also help define how security is implemented through various stages of the SDLC for all engineering teams and products?  Then the Staff Security Engineer with WePay is what you are looking for.

As a Staff Security Engineer with WePay, you will help define and implement creative techniques to protect WePay’s critical assets against a constantly changing threat landscape.  This individual will work closely with other engineering teams to assess the threat landscape, and design, build, perform ethical hacking and find creative ways to keep our critical assets safe.  They will make a decision around commercial/open source security testing tools we will add in our security solutions portfolio. This person who fills this role will have the opportunity to assess and improve security in emerging payment solutions such as mobile payment solutions.

Information Security at WePay is one of our highest priorities, therefore the ideal candidate will share a passion for engineering solutions to complex security problems while minimizing employee friction and maximizing productivity.  They will help build security payment products and making sure that the data that we are trusted to protect is secured to the highest standard.

What You Will Do

    • Support of security enhancement and development
    • Perform vulnerability testing, risk analysis, and security assessments
    • Ensure that identified issues are prioritized and addressed in an appropriate timeframe
    • Interact directly with the external security community (e.g. bug bounty program) regarding security vulnerabilities and threats
    • Write secure applications and services through design, development, and implementation of secure software development practices
    • Collaborate and advise engineering teams on building authentication, authorization and encryption solutions
    • Research emerging technologies and maintain awareness of current security risks
    • Help to develop security training and education for our software engineers

What We Are Looking For

    • Minimum 7+ years of experience in the information security field
    • In-depth knowledge of Web application Vulnerabilities and ability to articulate their impact on technical and business users
    • Experience with performing Threat Modeling and designing secure Architecture
    • Experience with creating and supporting Secure Software Development Lifecycle
    • Experience with dynamic and static web application testing tools
    • Knowledge of traditional and cloud Architecture, experience of Google Cloud or other public and private cloud technologies a plus
    • Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team
    • Experience of HTML5, Java, Javascript, PHP, Python, MySQL is a plus
    • Knowledge of mobile application security, including experience implementing security controls, is a plus
    • Experience working with security vendors, including submitting feature requests, evaluating products and analyzing security functionality of a diverse set of product a plus
    • Experience with securing cloud environments a plus


About WePay

WePay’s mission is to make commerce seamless. Our products help software companies integrate payments into their applications – thereby empowering small businesses and individuals to get paid easily and quickly using their go-to apps and software. Our customers include BigCommerce, GoFundme, Meetup and Freshbooks, just to name a few. By joining forces with JPMorgan Chase, a global financial services firm with over $2.5 trillion in assets that serves millions of customers worldwide, WePay is now able to connect our customers seamlessly into a range of banking services beyond payments. WePay is a unique place to work and offers the best of both worlds. WePay has a FinTech startup culture that emphasizes transparency, collaboration and career growth, with the ability to work on small, nimble teams. However, now combined with the power of JPMorgan Chase, employees are also able to create change at scale and have an opportunity to truly disrupt and shape FinTech.

You can find more information at wepay.com

To all recruitment agencies: WePay does not accept agency resumes. Please do not forward resumes to our jobs alias, WePay employees, or any other company location. WePay is not responsible for any fees related to unsolicited resumes.