Credit Karma is a mission-driven company, focused on championing financial progress for our more than 100 million members in the U.S., Canada and U.K. While we're best known for pioneering free credit scores, our members turn to us for tips as they work on their financial goals, including helping them monitor their credit, identity monitoring, searching for credit cards, shopping for loans (car, home and personal), filing their taxes with Credit Karma Tax and growing their savings* -- all for free. Credit Karma has grown significantly through the years: we've added more than 70 million members in the last five years alone and now have more than 1,100 employees across our offices in San Francisco, Charlotte, Los Angeles, Leeds, London and soon Oakland.
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission as the Director of Application Security is to own the technology and process controls that govern the Software Development Lifecycle and prevent every last vulnerability class from being exploitable in production.
*Banking services provided by MVB Bank, Inc., Member FDIC
What you’ll do:
- Develop and grow a team of engineers to partner with software vertical leads to ensure that every Credit Karma product is Secure By Design
- Scale the security technology and tooling platform to require less manual human intervention for easily automatable controls, and create force multipliers for engineers to maximize the value of their work
- Evangelize the team's mission, painting a clear and concise picture of the strategy and expectations of product owners and engineers about their individual roles in software security and how Application Security works to support them
- Report assurance metrics to vertical leads and senior leadership, demonstrating comprehensive inventory of every attack surface, the state of testing and defensive coverage of those surfaces, and a real-time accounting of open risks accrued to each vertical
- Drive application security assurance with Credit Karma partners and vendors to ensure the safety of member data throughout a complex ecosystem
- Mature every aspect of a comprehensive software security program
What’s great about the role:
- Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe
- Solving frontier security problems at scale in a highly technology-focused team
- Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What we are looking for:
- 10+ plus years total with 5+ years experience leading security engineers and managing security programs
- Outstanding communication skills at all levels of the technology and product organizations, ranging from VPs to individual software developers
- Strong mentorship and coaching skills, both for existing application security engineers and developing new talent pipelines inside and outside the company
- Broad technical working knowledge of application security concepts, including offensive techniques, vulnerability classes, defensive techniques, and security architecture
- Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change
- A fun and positive attitude!
Equal Employment Opportunity
Credit Karma is committed to a diverse and inclusive work environment. We believe that such an environment advances long-term professional growth, creates a robust business, and supports our mission of championing financial progress for everyone. We offer generous benefits and perks with a single eye to nourishing an inclusive environment that recognizes the contributions of all and fosters diversity by supporting our internal Employee Resource Groups. We’ve worked hard to build an intensely collaborative and creative environment, a diverse and inclusive employee culture, and the opportunity for professional growth. As part of the Credit Karma team, your voice will be heard, your contributions will matter, and your unique background and experiences will be celebrated.
Credit Karma is also proud to be an Equal Opportunity Employer. We welcome all candidates without regard to race, color, religion, age, marital status, sex (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity or gender expression, national origin, veteran or military status, disability (physical or mental), genetic information, or any other protected characteristic. We prohibit discrimination of any kind and operate in compliance with the San Francisco Fair Chance Ordinance.