As the first security engineer hire, it cannot be stressed enough how pivotal and foundational your work will be to the company.
About Grain:
Grain turns your debit card into a credit card by syncing with your primary checking account, analyzing your cash flow, and then offering a line of credit tailored to you (not your credit score). We never run a credit check. We never reject anyone. We don’t issue a physical card. Millennials, Gen Zs, and immigrants are using Grain as an alternative to the credit card in order to establish credit history or ease their cash flow.
We're challenging the notion that debit and revolving credit need to be distinct, siloed products. We believe that one should very much inform the other - one card with access to both.
We’re a YC-backed and venture-funded startup. Since launching last year, we’ve been growing about 127% MoM on average with a 4.8 rating on the App Store.
What you'll do:
- Audit, assess, and grade our current security level and make recommendations and policies
- Identify and establish the company's attack surface and possible risk
- Investigate incidents and attacks using centralized logging tools
- Create internal penetration tests and manage 3rd party penetration tests
- Recommend and set up threat detection and monitoring services
- Automate vulnerability discovery
- Support product development by recommending and implementing security processes
- Identify security requirements that map to product features
- Set up IAM and access management in AWS and other tools
- Establish an incident reporting and management process
- Educate engineering team on security best practices and risks
- Communicate technical concepts and issues to non-technical colleagues
- Instill a culture of security across the company; become the security expert
- Assist in building out the security team; interviewing
About you:
- 5+ years as a security engineer or comparable title
- Experience in securing production cloud infrastructure and applications (managing secrets, securing CI/CD pipeline, authorization/authentication protocols, Web Application Firewalls, etc)
- Experience in using centralized logging and monitoring systems for investigation and audits (Elasticsearch, Kibana, Grafana, Papertrail, NewRelic, etc)
- Strong knowledge of common exploits, vulnerabilities, attack methods and defensive strategies (Endpoint Detection & Response, XSS, Man-in-the-Middle, etc)
- Direct experience in cyber attack recovery and resolution
- Understanding of different cryptographic algorithms and their application
- Experience with scripting and automation (Python, JavaScript, etc)
- Experience with AWS and AWS services
- Experience with bug tracking tools and software development
- Organized; team- and goal-oriented
Bonus points:
- Familiar with compliance standards (SOC 2, NIST, PCI DSS, etc)
- Familiar with cybersecurity frameworks (NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK)
- Security certification holder (OSCP, OSWP, CISSP, CISM, CISA, CEH, CIPP, etc)
- Participation in cybersecurity competitions (Global Cyberlympics, Cyber quests, iCTF Competition)
- Experience in FinTech
- Experience in financial fraud detection and prevention techniques and strategies
- Experience with backend software development (JavaScript, NodeJS)
- Experience in small to mid-sized startups
Benefits & Perks:
- Medical
- Dental
- Vision
- $1,500.00 professional development budget
- Fitness/Wellness reimbursement
- Internet reimbursement
- Home office $1,000.00 stipend
- Unlimited PTO with manager approval
- Mental health days off
- Annual company offsite