ABOUT VARO

Varo is on a mission to empower hard-working Americans to achieve greater financial resilience; arming them with the products and support they need to create healthy financial habits and reduce financial stress. Through its mobile app, Varo offers customers premium bank accounts that have no minimum balance requirement or monthly account fees, high-interest savings accounts, and solutions to build, repair, and access credit. Varo’s state of the art technology provides tech-first features to help people achieve their financial goals and manage their money more easily. 

Varo is distinct from other fintechs: Varo is the first fintech to be granted preliminary approval for a de novo national bank charter by the Office of the Comptroller of the Currency (OCC), the first to receive approval from the FDIC for federal deposit insurance, and is weeks away from opening the first mobile-centric national bank in U.S. history. Our unique team combines the best of tech and banking, and we’re wildly passionate about keeping our customers happy by helping them manage and grow their money. Our teams are based in San Francisco and Salt Lake City. Privately held Varo has raised over $400M to date, from leading institutional investors and strategic partners including Warburg Pincus, The Rise Fund / TPG Growth, Gallatin Point Capital, Harbourvest Partners, Progressive Insurance, and iHeartMedia.

ABOUT THE SECURITY ENGINEERING TEAM 

Varo’s Security Engineering team’s mission is to help the organization conduct business in a secure manner. The team works hand-in-hand with engineers across the organization as we innovate in the banking industry. We practice the “DevSecOps” philosophy and build security automation early into the process of everyday engineering functions from software engineering, to cloud infrastructure, and IT. 

ABOUT THE APPLICATION SECURITY ENGINEER ROLE

We are looking to hire a hands-on individual with a white hat hacker mindset with prior software development experience to join us in an Application Security Engineer Role. This position will assist with the build out of Varo Money’s application security program. You will be responsible for architecting, implementing, and communicating application security tools, technologies, and best practices to protect Varo Money’s infrastructure and customers. 

WHAT YOU'LL DO

• Design, document and review application architecture from a security perspective 
• Identify any potential security gaps in existing application infrastructure and work with appropriate stakeholders for remediation 
• Establish secure software development guidelines and perform security code and design reviews 
• Perform Threat Modeling using frameworks like STRIDE 
• Perform due diligence in ensuring that appropriate technology solutions are chosen to facilitate security at the application level 
• Perform static and dynamic application security testing and work with developers towards remediation of any identified issues 
• Implement application security automation by integrating SCA, SAST, and DAST tools into the CI/CD pipeline

SKILLS AND EXPERIENCES THAT’LL HELP YOU BE GREAT

• Bachelors in Computer Science or a related field 
• 5+ years in a security engineering role 
• Strong knowledge of applied cryptography, web security, IAM, TLS/SSL, TCP/IP, and web authentication protocols such as OAuth/SAML 
• Proficient primarily in Java and some other language such as Python or Go 
• Knowledge of Threat Modeling frameworks like STRIDE and hands on experience performing threat modeling 
• Proficient with security tools such as Burp Suite, OWASP ZAP, CheckMarx, Veracode, MetaSploit, App Spider etc. 
• Experience with automation and CI/CD tools such as Terraform, Ansible, and Gitlab 
• Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube, detekt 
• Experience with user/customer identity management, authentication and authorization frameworks 
• Experience with iOS and Android Mobile Application Security concepts is desirable 

THE THREE SKILLS THAT MATTER MOST

Nobody can be great at everything, but we’re looking for candidates who are extraordinary at: 

• Past software development experience 
• Security design review/Threat Modeling experience 
• Hands on experience with SCA, SAST, and DAST 

OTHER NICE-TO-HAVES

• Experience with Web Application Firewalls (WAF) desired but not required 
• Experience with Amazon Web Services (AWS) desired but not required 
• Experience with Kubernetes, Helm, and Istio desired but not required 

At Varo, we are committed to living our values. We hope these resonate with you.

Customers First: Understand the problems our customers are trying to solve. Respond with a sense of urgency. Build relationships that result in loyalty. Be data and insights-driven. Test everything. Achieve results through strong execution. Build a product people love. Assess new initiatives with the customers’ interest in mind. Act with empathy. 

Take Ownership: Bias towards action. Have high standards. Be accountable for the results of your work, our product, our company. Trust others to own it.

Respect: Bias towards action. Have high standards. Be accountable for the results of your work, our product, our company. Trust others to own it.

Stay Curious: Ask why. Dare to make things better. Learn something new each day (even from mistakes). Be open to growth. Develop creative solutions.

Make it Better: Think big. Set high goals. Work towards long term value rather than short term wins. Create change. Be resilient.

Varo is an equal opportunity employer. Varo embraces diversity and we are committed to building teams that represent a variety of backgrounds, perspectives, and skills. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Learn more about Varo by following us:

Facebook - https://www.facebook.com/varomoney/

Instagram - https://www.instagram.com/varomoney/

LinkedIn - https://www.linkedin.com/company/varo-money-inc./

Twitter - https://twitter.com/varomoney

Engineering Blog - https://medium.com/engineering-varo

Beware of fraudulent job postings!

Varo will never ask for payment to process documents, refer you to a third party to process applications or visas, or ask you to pay costs. Never send money to anyone suggesting they can provide work with Varo. If you suspect you have received a phony offer, please e-mail [email protected] with the pertinent information and contact information. Varo takes this matter seriously, and is working closely with the appropriate authorities to effectively address the issue.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

We hope to hear you say, "I'm in!"