Application Security Engineer

Sorry, this job was removed at 3:05 a.m. (PST) on Friday, January 3, 2020

Varo is on a mission to redefine banking so it's easy for everyone to make smart choices with their money. Our app offers bank accounts and high-yield savings accounts that don’t cost a thing, tools to help you manage your money and save automatically, and invitation-only personal loans at competitive rates. By contrast, traditional banks charge fees, offer next-to-nothing savings rates, and don’t work with their customers’ best interests in mind.

Varo is distinct from other fintechs: With preliminary approval for a bank charter from the Office of the Comptroller of the Currency (OCC), we're on our way to becoming the first mobile-centric national bank in the country. Our unique team combines the best people in tech and banking, and we’re wildly passionate about keeping our customers happy by helping them manage and grow their money. Based in San Francisco and privately held, Varo has raised $178M to date, led by Warburg Pincus and The Rise Fund / TPG Growth.

ABOUT THE SECURITY ENGINEERING TEAM

The Varo Security Engineering team is defined by its quest for learning and for helping the organization conduct its business in a secure manner. The team often conducts brown bag sessions for the rest of the engineering team and is deeply involved in working hand in hand with engineers as we innovate in the banking industry.

ABOUT THE APPLICATION SECURITY ENGINEER ROLE

We are looking for a hands-on individual with a white hat hacker mindset to join us in an Application Security Engineer role. This position will assist with the build-out of Varo Money’s application security program. You will be responsible for architecting, developing and deploying application security tools and technologies to protect Varo Money’s platform and backend infrastructure.

WHAT YOU'LL DO

  • Develop the secure SDLC process at Varo Money, perform static application security testing (SAST) of Varo Money’s code base on a regular basis, and provide relevant recommendations to Varo Money’s developers.
  • Perform dynamic application security testing (DAST) using open source and commercial tools before applications are deployed in production.
  • Perform threat modeling on existing and upcoming feature sets in the Varo Money application so that appropriate security controls can be built from the ground up.
  • Review security alerts and reports on a daily basis and work closely with the DevOps team in any follow-up investigation or remediation.
  • Manage the bug bounty program at Varo Money and work with the developers for timely remediation of the reported issues.
  • Manage external independent Application Security Testing and ensure timely remediation of issues.
  • Identify all vulnerabilities originating from third-party dependencies and ensure timely remediation.
  • Impart ongoing secure code and application security best practices training to developers.

SKILLS AND EXPERIENCES THAT'LL HELP YOU BE GREAT

  • Bachelor's in Computer Science or a related field
  • 5+ years in a security engineering or operations role
  • Strong knowledge of applied cryptography, web security, TLS/SSL, web authentication protocols such as OAuth/SAML
  • Experience in using scripting languages (e.g. Python, Perl, PHP, Ruby) to automate tasks and manipulate data
  • Experience with developing threat models (STRIDE, DREAD, etc.)
  • Comfortable with security tools like Burp Suite, OWASP ZAP, Checkmarx, Veracode, Metasploit, AppSpider, etc.
  • Experience with automation tools like Ansible, Chef, Puppet, Jenkins desired but not a must-have
  • Experience with automated application testing tools/frameworks, e.g. Selenium, SonarQube

THE THREE SKILLS THAT MATTER MOST

Nobody can be great at everything, but we’re looking for candidates who are extraordinary at:

  • Hands-on experience with SAST and DAST tools
  • Past development experience
  • Security design review experience

OTHER NICE TO HAVES

  • Experience with Web Application Firewalls (WAF) desired but not a must-have

Learn more about Varo by following us at:

Facebook - https://www.facebook.com/varomoney/

Instagram - https://www.instagram.com/varomoney/

LinkedIn - https://www.linkedin.com/company/varo-money-inc./

Twitter - https://twitter.com/varomoney


Location

222 Kearny St, San Francisco, CA 94108
