Senior Manager, Security Engineering

As the Senior Security Engineering Manager, you will own the cybersecurity engineering roadmap and technical landscape for the systems driving the security of our products, applications, and cloud infrastructure at Dave. You will define the roadmap and vision for how security is embedded into the product, our code, our systems, and ingraining security into engineering culture. In this deeply technical space, you will spend the vast majority of your time coaching and empowering security engineers to deliver on the right outcomes to defend against attacks on our company, our members, and our systems. 

The ideal candidate will have spent time as an engineer, writing code and building systems. This candidate will have a deep understanding of making tradeoffs between building products and ensuring that we’re protected against risk.  You’ll have direct hands-on experience in modern public cloud environments, identifying vulnerabilities in services and infrastructure, and be eager to mentor engineers to grow. 

You will report directly to the Director of Security & IT  and lead the engineering roadmap and vision for the Product and Cloud Security areas at Dave. You will directly manage and be responsible for the following:  

• Product Security: Spearhead the strategic vision and roadmap for Product Security, ensuring security is embedded into all stages of the product lifecycle. Champion a threat-based approach to product security, encompassing the identification of security vulnerabilities in code and implementing scalable tools within the SDLC to test and prevent the introduction of risks into the product.

• Cloud Security: Provide strong technical leadership in the cloud space, ensuring we adhere to standards regarding Identity and Access Management (IAM), encryption of data at rest and in transit, network security, and vulnerability management. Ensure that policies, procedures, and guidelines for cloud environments are documented and known.

• Data Security: Safeguard customer data by implementing robust security controls, encryption, and access management protocols. Ensure compliance with data protection regulations and industry best practices to prevent unauthorized access, data loss, or breaches.

• System Architecture & Integration: Oversee the design and integration of security into our system architecture, ensuring that security is embedded into the design of our products and that security controls are seamlessly integrated with our business-critical platforms, services, and vendor integrations.

• Security Operations: Ensure the ongoing monitoring, detection, and response to security incidents, maintaining the integrity and confidentiality of Dave's systems and data.

• Cross-functional Collaboration: Collaborate with product management, product engineering, and other business units to align security initiatives with broader company objectives.

• Innovation & Continuous Improvement: Drive innovation in security using modern practices and seek new opportunities to improve our technology stack, processes, and methodologies.

• Talent Acquisition & Retention: Play a key role in hiring, training, and retaining top engineering talent. Cultivate an environment where team members feel motivated, valued, and encouraged to achieve their full potential.

• Culture & Collaboration: Foster a culture of belonging, psychological safety, and open communication within the team and across the organization. Encourage innovative thinking and a shared sense of purpose to ensure a cohesive team environment.

These teams will be unified under your direct leadership and critical to Dave’s success in defending against common and targeted cybersecurity attacks. If you thrive on collaborating to solve hard problems, are passionate about finding innovative solutions, delight customers, and inspire colleagues, then this role is for you!

What you’ll do: 

• Grow a team of talented engineers by hiring, leading, mentoring, and motivating them.

• Work with Engineering Leadership & business stakeholders to create a roadmap & vision, including communicating risks through KPI’s and KRI’s

• Bring forward creative technical solutions to handle complex & dynamic business. 

• Take complete ownership of long-term projects and drive horizontal initiatives through to completion.

• Understand product, codebase, and cloud infrastructure domains

• Be an expert in your domain, code, and threat model in depth, empowering you to make data-driven decisions and solution trade-offs.

• Collaborate with platform teams to identify and address weaknesses in Dave's security architecture, including insecure infrastructure configurations and unsafe software development practices.

• Ensure security is seamlessly integrated into our code and infrastructure by utilizing an Infrastructure as Code methodology and incorporating security tools into our CI/CD processes.

• Facilitate and contribute to conversations with other managers and technical leaders to develop scalable security architectures, resilient systems, and prioritize tech debt.

• Facilitate the bidirectional flow of information between the squads you manage, the broader engineering organization, and leadership to ensure effective communication and collaboration.

• Internalize and champion the changes, priorities/goals initiated by peers, managers, and leadership.

• Model finding solutions to problems (rather than surfacing problems alone) and coach others on how to do the same.

• Be the product owner for your domain and champion of quality & testing.

What you’ll need: 

• 10+ years of experience in security engineering, including application security and public cloud security

• 3+ years of experience in security engineering management

• Programming skills (e.g., Python, Javascript, Typescript, Terraform)

• Extensive experience with security technologies and tools (e.g., SCA, SAST, DAST, SIEM, BurpSuite)

• Strong understanding of cloud security (AWS or GCP)

• Working knowledge of authentication (SAML, OIDC), cryptography, application security (OWASP Top 10), and network security

• Experience securing containers and orchestration tech (e.g., Docker, Kubernetes)

• Experience with rapid detection and response to cybersecurity threats

• Ability to collaborate and develop a technical vision for large projects

• Experience handling complex issues with multiple stakeholders

• Experience building diverse and inclusive high-performing teams

• Strong analytical and problem-solving skills

• Experience in a dynamic, fast-paced environment

Bonus if you have:

• Experience running red teams or purples teams, including offensive testing

• Technical Certifications such as CEH or OSCP

Don’t let imposter syndrome get in your way of an incredible opportunity. We’re looking for people who can help us achieve our mission and vision, not just check off the boxes. If you’re excited about this role, we encourage you to apply. You may just be the right candidate for this or other roles.

Why you’ll love working here: 

At Dave, our people are just as important as our product. Our culture is a reflection of our values that guide who we are, how we work, and what we aspire to be. Daves are member centric, helpful, transparent, persistent, and better together. We strive to create an environment where all Daves feel valued, heard, and empowered to do their best work. As a virtual first company, team members can live and work anywhere in the United States, with the exception of Hawaii. 

A few of our benefits & perks:

💚 Opportunity to tackle tough challenges, learn and grow from fellow top talent, and help millions of people reach their personal financial goals

💻 Flexible hours and virtual first work culture with a home office stipend

🏥 Premium Medical, Dental, and Vision Insurance plans

👶 Generous paid parental and caregiver leave

💰 401(k) savings plan with matching contributions

📈 Financial advisor and financial wellness support

🏖️ Flexible PTO and generous company holidays, including Juneteenth and Winter Break

🎉 All-company in-person events once or twice a year and virtual events throughout to connect with your team members and leadership team

Dave Operating LLC is proud to be an Equal Employment Opportunity employer and is dedicated to cultivating a diverse and inclusive workplace. We will consider for employment all qualified applicants and do not discriminate on any basis protected by federal, state, or local law, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance relating to an applicant's criminal history.

#LI-REMOTE