Varo is on a mission to redefine banking so it's easy for everyone to make smart choices with their money. Our app offers bank accounts and high-yield savings accounts that don’t cost a thing, tools to help you manage your money and save automatically, and invitation-only personal loans at competitive rates. On the contrary, traditional banks charge fees, offer next-to-nothing savings rates, and don’t work with their customer’s best interests in mind.

Varo is distinct from other fintechs: With preliminary approval for a bank charter from the Office of the Comptroller of the Currency (OCC), we're on our way to becoming the first mobile-centric national bank in the country. Our unique team combines the best people in tech and banking, and we’re wildly passionate about keeping our customers happy by helping them manage and grow their money. Based in San Francisco and privately held, Varo has raised $178M to date, led by Warburg Pincus and The Rise Fund / TPG Growth.

ABOUT THE SECURITY ENGINEERING TEAM

Varo Security Engineering team is defined by its quest for learning and helping the organization conduct its business in a secure manner. The team often conducts brown bag sessions for the rest of the engineering team and is deeply involved in working hand to hand with engineers as we innovate in the banking industry.

ABOUT THE APPLICATION SECURITY ARCHITECT ROLE

We are looking to hire a hands-on individual with a white hat hacker mindset with prior development experience to join us in an Application Security Architect Role. This position will assist with the build out of Varo Money’s application security program. You will be responsible for architecting, developing and deploying application security tools and technologies to protect the Varo Money’s platform and backend infrastructure.

WHAT YOU'LL DO

• Design, document and review application architecture from a security perspective
• Identify any gaps in existing application security infrastructure and work with appropriate stakeholders for remediation
• Establish secure software development guidelines and in performing security code and design reviews
• Perform Threat Modeling using frameworks like STRIDE
• Perform due diligence in ensuring that appropriate technology solutions are chosen to facilitate security at the application and platform level
• Perform static and dynamic application security testing and work with developers on remediation on identified issues
• Deploy application security automation by integrating SAST and DAST tools in the CI/CD pipeline

SKILLS AND EXPERIENCES THAT'LL HELP YOU BE GREAT

• Bachelors in Computer Science or a related field
• 5+ years in a security engineering or operations role
• Strong knowledge of applied cryptography, web security, IAM, TLS/SSL, web authentication protocols such as OAuth/SAML
• Experience in using scripting languages e.g. Python, Perl, PHP, Ruby to automate tasks and manipulate data
• Knowledge of Threat Modeling frameworks like STRIDE and hands on experience performing threat modeling
• Comfortable with security tools like Burp Suite, OWASP ZAP, CheckMarx, Veracode, MetaSploit, App Spider etc.
• Experience with automation tools like Ansible, Chef, Puppet, Jenkins desired but not a must have
• Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
• Experience with user/customer identity management, authentication and authorization frameworks. 
• Experience with iOS and Android platform level Mobile Application Security concepts is desirable

THE THREE SKILLS THAT MATTER MOST 

Nobody can be great at everything, but we’re looking for candidates who are extraordinary at: 

• Past development experience
• Security design review/Threat Modeling experience
• Hands on experience with SAST and DAST tools

OTHER NICE TO HAVES

• Experience with Web Application Firewalls (WAF) desired but not a must have

Learn more about Varo by following us at:

Facebook - https://www.facebook.com/varomoney/

Instagram - https://www.instagram.com/varomoney/

LinkedIn - https://www.linkedin.com/company/varo-money-inc./

Twitter - https://twitter.com/varomoney