Varo is an entirely new kind of bank. All digital, mission-driven, FDIC insured, and designed for the way our customers live their lives.
A bank for all of us.
About the Security Team
The mission of Varo's Security Engineering team is to help the organization conduct business in a secure manner. The team works hand-in-hand with engineers across the organization as we innovate in the banking industry. We practice the "DevSecOps" philosophy and build security automation early into the process of everyday engineering functions, from software engineering to cloud infrastructure and IT.
About the Application Security Engineer Role
We are looking to hire a hands-on individual with a white hat hacker mindset and prior software development experience to join us in an Application Security Engineer role. You will be responsible for architecting, implementing, and communicating application security tools, technologies, and best practices to protect Varo Bank's infrastructure and customers.
As Application Security Engineer, you'll...
- Design, document, and review application architecture from a security perspective
- Identify any potential security gaps in existing application infrastructure and work with appropriate stakeholders for remediation
- Establish secure software development guidelines and perform security code and design reviews
- Perform Threat Modeling using frameworks like STRIDE
- Perform due diligence in ensuring that appropriate technology solutions are chosen to facilitate security at the application level
- Perform static and dynamic application security testing and work with developers towards remediation of any identified issues
- Implement application security automation by integrating SCA, SAST, and DAST tools into the CI/CD pipeline
- Has performed Security Design Reviews or created Threat Models
- Has hands-on experience with SCA, SAST, and DAST
You have the following required experience...
- Bachelor's in Computer Science or a related field with 3+ years of experience in an application security engineering role
- Strong knowledge of applied cryptography, web security, IAM, TLS/SSL, TCP/IP, and web authentication protocols such as OAuth/SAML
- Proficient primarily in Java/Kotlin and some other language such as Python or Go
- Knowledge of Threat Modeling frameworks like STRIDE and hands-on experience performing threat modeling
- Proficient with security tools such as Burp Suite, OWASP ZAP, Snyk, Metasploit, AppSpider, etc.
- Experience with automation and CI/CD tools such as Terraform, Ansible, and GitLab
- Experience with iOS and Android Mobile Application Security concepts is desirable
Varo launched in 2017 with the vision to bring the best of fintech into the regulated banking system. We're a new kind of bank - all digital, mission-driven, FDIC-insured, and designed around the modern American consumer.
As the first consumer fintech to be granted a national bank charter in 2020, we make financial inclusion and opportunity for all a reality by empowering everyone with the products, insights, and support they need to get ahead. Through our core product offerings and suite of customer-first features, we aim to address a broad range of consumer needs while profitably serving underserved communities that have been historically excluded from the traditional financial system.
We are growing quickly in our hub locations of San Francisco, Salt Lake City, and Charlotte along with colleagues located across the country. We have been recognized among Fast Company's Most Innovative Companies, Forbes' Fintech 50, and earned the No. 7 spot on Inc. 5000's list of fastest-growing companies across the country.
Varo. A bank for all of us.
Our Core Values
- Customers First
- Take Ownership
- Stay Curious
- Make it Better
Varo is an equal opportunity employer. Varo embraces diversity and we are committed to building teams that represent a variety of backgrounds, perspectives, and skills. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.