Senior Application Security Engineer

Job Description

About Us

Venmo was founded on the principles of breaking down the intimidating barriers around financial transactions to make them intuitive, friendly, and even fun. And it worked: people love sending money with Venmo, and we’re growing by leaps and bounds!

But we’re only just getting started. We want to take that magic of sending money with Venmo and cascade it into every place where people use money. That means connecting people to their money in the most intuitive and fun way possible, then connecting people with each other. Users already love Venmo, but we know there are lots of things we haven’t thought of to make the experience of using Venmo even more delightful and valuable. All that’s going to take a lot of figuring out. Let’s figure it out together!

Information Security at Venmo

Join our highly proficient team of Security Engineers working to make Venmo more secure. Drive the building and adoption of new security tools and technologies while supporting day-to-day security activities from code reviews, vulnerability testing and remediation, incident handling and alerting and monitoring. Come join a team driven to improve the Venmo security posture through innovation, automation, and excellence.

Application Security Engineer

As an Application Security Engineer, you will be pivotal in driving secure coding and SDLC efforts including secure code reviews, project security reviews, penetration testing, and application scanning processes. You will be in the thick of it daily, driving bug remediation, meeting with project teams to identify and secure changes in new functionality and stay on the forefront of bug identification and patching efforts. You will partner with your fellow security engineers to keep Venmo growing and secure!

• Support manual and automated code coverage efforts across all our code base
• Manage security integration into the SDLC process at Venmo
• Manage security integration into the CI/CD pipeline
• Manage integration with manual and automated tools for static and dynamic testing
• Identify areas for automation and tooling to increase code coverage
• Establish metrics and reporting to track coverage and effectiveness of security processes
• Leverage the tools and processes used throughout PayPal and Venmo
• Engage with product and developers to conduct security reviews and define security requirements
• Help evolve Venmo security features and services and manage security technical debt
• Manage Venmo product security bug intake and remediation process
• Mentor junior members of the team and act as a subject matter expert for application security issues
• Collaborate on security initiatives and promote security standards across PayPal and Venmo
• Conduct threat modeling and risk analysis to identify exposure and develop mitigation plans
• Become a representative for the Venmo Information Security program

• Strong experience in web and mobile application security issues
• Strong experience in distributed platform development security and design
• In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)
• Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)
• Experience with industry tools and technologies such as Burp, Metasploit, etc.
• Working knowledge of common languages such as Python, GO, Javascript, Java, etc.
• Familiarity in public cloud security deployment and implementation issues (AWS)
• Familiarity with audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, etc
• Proven expertise in enterprise-grade and web scale security solutions
• Ability to explain complex security topics in simple terms
• Ability to lead and project manage multiple security initiatives

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.