Welcome to Jetty, the financial services platform on a mission to make renting a home more affordable and flexible. We've built multiple financial products that benefit both renters and property managers - and we're just getting started.
As a member of the Infosec Team, you're passionate about building fintech products that provide value to our customers and maintaining the security of our customer's data. You love to learn, take on challenges, and are empowered in a fast-paced and transparent culture. You're comfortable finding the right tool or pattern for the job, and advocating for improvements to the way we work.
As a Security Engineer, you will be responsible for implementing and supporting Jetty's security program. You will be responsible for building and implementing tools and systems to monitor and secure Jetty's environment. You will mentor team members on security best practices and ensure the Engineering teams adhere to these best practices.
What you will do:
- Provide subject matter expertise in multiple security areas (e.g. architecture, authentication/authorization, application security, threat modeling etc.)
- Contribute to secure architecture and design of Jetty products in collaboration with adjacent teams
- Work across product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigations
- Build and implement security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc
- Plan & execute security assessments (dynamic testing, static testing, automated code review, etc) and threat modeling of Jetty's products, services, and associated cloud infrastructure
- Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
- Configure and extend monitoring tools to identify threats and vulnerabilities impacting Jetty product; triage, respond to, investigate and mitigate while communicating associated risk
- Assist with the planning and delivery of the organization's Information Security projects and programs
- Continue to cultivate a "security first" mindset with adjacent teams
- Contribute to the creation and delivery of security training
- Research emerging attack vectors and techniques
Our current toolstack:
- Python, Javascript (React.js, Next.js)
- Postgresql, DynamoDB, Redis, Snowflake
- Python-Flask API Servers, Lambdas, Step Functions
- AWS, GitHub, GitHub Actions
- The right tool for the right job. We are not tied to any specific language or framework, but encourage our engineers to explore and learn better ways of building software
The experiences you will bring:
- 5+ years of experience in Information / Cloud / Application Security
- Understanding of secure software development process
- Experience implementing product vulnerability management lifecycle
- Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)
- Knowledge of browser-based security controls such as CSP, HSTS, XFO
- Knowledge and experience with implementing security countermeasures and controls
- Experience with cloud-based security controls
- Industry recognized certification from ISC2, ISACA, etc preferred
- Experience with financial services, SOC2, PCI, DFS is a plus
- Strong AWS Security Skills (Certifications recommended)
- Experience with patching servers and containers
- Experience with container technologies, modern source control tools, and CI/CD build/deployment tools
- Experience with networking, Linux systems administration, and common cryptography practices and libraries
- Experience with configuration-as-code management and tooling to manage those configurations
- Proficiency in scripting languages such as Bash and Python
- BS in Computer Science or related field, or equivalent experience
About Jetty
Jetty's integrated suite of products help property managers increase lease conversions, improve resident retention, reduce bad debt, and boost NOI. For renters, Jetty decreases the financial burden of moving into a new home and offers greater flexibility with how and when to pay rent.
Jetty has raised more than $70M from investors including Khosla Ventures, Ribbit Capital, Citi and Valar, and has a highly collaborative team working remotely around the country. To learn more about Jetty, visit jetty.com.
Jetty is firmly committed to building a team as diverse as our Members. We are proud to provide equal employment opportunities for all candidates regardless of race, ancestry, citizenship, sex, gender identity or expression, religion, sexual orientation, marital status, age, disability, or veteran status.
Benefits & Perks
- Health, dental, and vision insurance through Aetna & MetLife
- 401(k) through Betterment
- Optional life and disability coverage, HSA & FSA
- 20 days of PTO + 12 holidays, "Jetty Winter Break," and unlimited sick days
- Generous parental leave policy
- Flexible work schedules to accommodate remote work
- Stipends to cover WFH set-up, monthly childcare, and monthly phone/internet bill