Back River Search Group

Security Engineer

Back River Search - San Francisco, CA


Our client is dedicated to helping our members lead healthy financial lives. That’s why we offer an award-winning bank account that doesn’t charge unnecessary fees, gives members early access to their paychecks, and helps them save money automatically. Hundreds of thousands of people use their mobile app and debit card to make purchases, track spending, save for the future, and more.

They believe the big banks fail to help their members achieve financial health - and in many cases work against it, charging hundreds of dollars in hidden fees and pushing products that drive people into debt. They don’t think it needs to be this way, so we’re out to beat them.

They have one of the most experienced management teams in Fintech and just raised a $70M Series C funding round, led by Menlo Ventures, to fuel their growth. If you’re looking to join a small but fast-growing company with a beloved, daily-use product and an authentic mission that puts people first, we want to meet you.

Our client is a technology and data-driven consumer bank. We are amassing vast amounts of data that we want to use to ensure the best practices in risk management, new user acceptance, information security, underwriting, and more. Our ML and Data Science team occupies a critical role in the company, creating models and infrastructure that allow us to evaluate events in realtime in new, efficient, and accurate ways so as to minimize fraud and scale our ability to manage risk.

About the Role:

blockAs the Cyber Vulnerability Management Engineer (CVME), you are a collaborative, analytical, detail-oriented engineer who can articulate risk, manage complex projects, and build trust in other departments to secure technology ecosystems in a rapidly-growing fintech company. You are responsible for tracking the progress of PCI and other compliance programs and performing or coordinating the necessary technical changes to ensure compliance. You will also be responsible for the full lifecycle of system vulnerabilities ranging from CVEs to app-specific weaknesses identified through scanning and penetration testing.


  • Manage the lifecycle of a continuous vulnerability scanning program encompassing internal and public-facing IT assets
  • Liaise with key stakeholders across the company for improved communication, coordination and process improvement, including IT, Engineering, Ops and Product Management
  • Define and implement risk ratings, models, and hierarchies to identify the impact, severity and overall risk of vulnerabilities
  • Track, measure, correlate and report on vulnerability identification, stakeholder notification, and remediation
  • Analyze/report vuln trends over time to identify problem areas
  • Provide vulnerability insight to inform the company’s cybersecurity risk assessment process for applications, vendors, systems, and services
  • Be the primary person responsible for security and privacy compliance engineering for including PCI compliance, CCPA, SOC2 compliance, and others, as needed

Manage the following initiatives:

  • Penetration testing
  • Bug Bounty
  • Developer (software security) education
  • Security awareness
  • Security compliance
  • Brand monitoring


  • Lead automation efforts in the detection, categorization, reporting, tracking, and remediation of identified vulnerabilities
  • Scope and facilitate independent penetration testing performed by third parties
  • Create a vulnerability repository architecture & implement
  • Integrate between security tools and the Vulnerability Repository
  • Create an automated CVSS-style vulnerability scoring or severity normalization algorithm

What we offer:

  • Competitive salary based on experience, with medical and dental benefits.
  • Free snacks and drinks, plus weekly catered lunches.
  • Flexible vacation policy.
  • Monthly happy hours and company events.
  • Dog-friendly office.
  • A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help create a completely new kind of bank.

Posted On: Tuesday, February 12, 2019

Apply to this job