• Application Deadline:
• Position: Senior Application Security Engineer


• Job Type Full Time , Remote


• Qualification BA/BSc/HND


• Experience


• Location Not specified


• Job Field ICT / Computer 
  

About Our Tech Stack

• Node.js + Typescript service-based architecture


• React Native Android / iOS application


• PostgreSQL application databases


• RabbitMQ for inter-server communication


• Server hosting on Heroku and Google Cloud Platform


• Fully automated CI / CD using Heroku CI and Github


• Application monitoring with Datadog, Logz.io, and Amplitude


• Snowflake for data warehousing and analysis


• Python for in-depth data analysis, transformation, and reporting

What you will work on:

• Security engineering at Chipper spans the full-stack - this role involves gaining an understanding of the technical architecture of the Chipper Platform, continuously examining different attack surfaces, and proactively identifying and implementing security-hardening measures.


• Security engineering at Chipper is also a heavily collaborative role. Security is a principle that permeates everything that we work on, and the security engineering team works with a wide variety of other teams in order to spread understanding of potential vulnerabilities and to instill a security-focused mindset within everything we do.

Responsibilities

Some examples of responsibilities include:

• Actively participating in project planning, code reviews, and spec reviews, to assist in hardening the design and implementation of a wide variety of projects


• Collaborating with the the data intelligence team to identify new queries, analysis pipelines, ML models, and alerts to be built in order to detect security-relevant activity


• Working with the DevOps team to verify full firewall coverage, and managing internal key storage and access controls


• Integrating with new security software vendors and managing current security-related software integrations


• Orchestrating penetration tests and other security-related accreditations with external firms


• Working with different product teams to harden various 3rd-party API integrations with enhanced connection verification and scheduled credential rotations


• Brainstorming with the design team to create user-facing systems that are secure and easy to use

Requirements

What you should have:

• The role isn't very focused on being an expert on any specific security domain (such as in a specific language or framework or layer of the application stack) - the most important skills are:


• Having an inquisitive, curious, and investigative mindset - thriving at independently reviewing designs and codebases and seeking out potential vulnerabilities


• Broad full-stack technical ability - being able to quickly gain familiarity with different technologies in-use throughout the team in order to competently understand the code and system designs

Great to have:

• Past experience in a role with significant security engineering responsibilities


• Past experience with fintech and early-stage startups


• Leadership interest and/or experience


• Familiarity with our tech stack - Node.js, Typescript, Python, React Native, RabbitMQ, PostgreSQL, Snowflake


• Familiarity with our tool stack - ELK, Datadog, Cloudflare, Heroku, AWS, GCP, Retool