Sr. Product Security Engineer

About the role

The Security Engineering team is a trusted partner throughout the organization who work hard to make Betterment the most secure place for our customers' money. We do this by building tools for our development teams, improving the security and integrity of our systems, and adding monitoring and visibility into our services. This helps us move faster and smarter, all while done within a highly regulated and secure environment.

We write, review, and advise in Ruby, Javascript, Java, and Python just to name a few of our popular languages. We leverage a number of technologies to power our tools and platform, including AWS, Kubernetes (EKS), Helm, Terraform, Datadog, CircleCI, and Splunk. As an engineer on the Security Engineering team, you'll help deliver new products, tools, and systems in a secure manner that make engineering more impactful and help keep our customers safe and happy!

This role is remote eligible. Below we've reflected the base salary range we would offer for this position in locations with city or state requirements. For those located elsewhere, the actual compensation offered will be based on candidate experience and geographic location. Actual salaries may vary depending on factors including but not limited to location, experience, and performance. The range listed is just one component of Betterment's total compensation package for employees.

• New York City: $205,000 - $215,000

We offer a competitive equity package, health, dental and vision benefits, life and AD&D, short-term and long-term disability insurance, EAP, commuter and parking benefits FSA/HSA, and 401(k) with employer match as well as a flexible PTO policy. This job may also be eligible for variable compensation in the form of a company incentive bonus.

A day in the life

• Lead and collaborate on product security initiatives strengthening our engineering practices
• Write and review customer facing code to resolve security concerns alongside product development engineers
• Conduct threat modeling exercises, architecture reviews, and offensive security engagements with product teams
• Innovate with modern cloud technologies to secure systems such as CI/CD, sensitive data storage, mobile design, front end web services, and more
• Provide mentorship and education for security and software engineering excellence

What we're looking for

• 5+ years of experience building software
• Deep experience and understanding of securing modern web apps (OWASP top 10, CWEs, and language specific application security issues)
• Experience working in a product setting where the needs of the business and users must be weighed against security requirements
• Experience with exploiting common security vulnerabilities and fixing them
• Experience building high-availability distributed systems and services with any Object Oriented Programming language
• Experience with the Linux command line interface
• Experience with securing AWS cloud infrastructure (EC2, RDS, S3, VPCs)
• Experience with any of these technologies is a plus: GraphQL, React, CircleCI, Kubernetes, Terraform, Postgres