Strengthen the security of EarnIn's products by leading the vulnerability management program, driving remediation efforts, and guiding teams with secure development practices.
Requirements
- 4+ years of experience running or contributing to a vulnerability management program at scale
- 4+ years of professional software development experience (Python, Java, JavaScript, or similar), with proven ability to evaluate code quality and provide informed security guidance to engineers.
- Experience automating aspects of vulnerability management through scripting, APIs, and integration with CI/CD systems.
- Strong understanding of application and cloud security principles, standard vulnerability classes (e.g., OWASP), secure development practices, and threat modeling.
- Proficiency with vulnerability scanning tools, dependency management, and code analysis.
- Knowledge of containerized environments (Docker, Kubernetes) and cloud platforms (AWS preferred).
Responsibilities
- Lead and evolve the vulnerability management program: define short- and long-term goals, establish processes, and build and maintain metrics and reporting.
- Manage day-to-day program operations: triage findings, file and track tickets, respond to questions, evaluate solutions, and drive remediation progress.
- Partner with engineering teams to review security weaknesses, balancing risk, technical constraints, and business impact, while providing authoritative secure development guidance to ensure solutions are practical and effective.
- Lead security architecture reviews and guide engineering teams and security champions in completing threat modeling exercises.
- Support the bug bounty program, including triage of submissions, coordination with researchers, and integration into the vulnerability management workflow.
- Stay current on the evolving vulnerability landscape, including new classes of application, dependency, and infrastructure issues.
- Contribute to security best practices, guidelines, documentation, and training.
Other
- Demonstrated ability to proactively improve and streamline existing processes and programs to drive continuous improvement.
- Ability to work cross-functionally with engineering, product, and operations teams to drive security initiatives forward.
- Excellent attention to detail with strong written, verbal, and interpersonal communication skills.
- Bachelor's degree or higher, or equivalent industry experience
