Description

About the role

We are seeking a Senior Security Engineer to build and lead our Offensive Security program. In this role, you will attack Chime's services, applications, and infrastructure to discover security issues and report them to our internal technology teams. This position will offer you the opportunity to grow your technical and leadership skills while being part of a collaborative and dynamic team that finds joy in problem-solving and innovating together at Chime.

The ideal candidate will be an offensive cybersecurity professional with a passion for analyzing codebases, testing hypotheses, and designing tools to impact web applications and their infrastructure. This Engineer will work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Chime. You will be in direct contact with teams in a variety of business verticals, giving you first-hand knowledge about how Chime is built and how it operates at a deep, technical level. Additionally, you will use the knowledge you gain about Chime to find new ways to break services, processes, and infrastructure throughout the company.

• Independently manage complete red team exercises.
• Partner with Engineering, Product, IT, and other business functions to drive security improvement across the organization
• Research emerging attack vectors, vulnerabilities and techniques
• Use your offensive skills to identify weaknesses and build defenses against those who may point their attacks at Chime
• Develop custom payloads and exploits
• Emulate adversaries like cybercriminals and insider threats by attacking web applications, cloud platforms and supporting services(Kubernetes / Container Orchestration platforms etc.)
• Partner closely with detection engineers to build high fidelity alerting based on emerging attack vectors and tactics, techniques and procedures
• Participate in purple-team exercises to mature the security program

• 4+ years of combined experience in either an offensive security, red teaming, or application security role.
• Experience in conducting surreptitious cloud based attacks
• Experience with developing custom tools and payloads which bypass defensive products, and remain undetected in a mature network environment
• Ability to perform unsupervised red team engagements and experience with performing adversarial simulation
• Ability to explain vulnerabilities and weaknesses to non-technical partners
• (Nice to have) Relevant certifications: OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert) and OSEE (Offensive Security Exploitation Expert), Certified Red Team Operator (CRTO), GIAC Red Team Professional certification (GRTP)

• A thoughtful hybrid work policy that combines in-office days and trips to team and company-wide events depending on location to ensure you stay connected to your work and teammates, whether you're local to one of our offices or remote
• Hybrid work perks, like UrbanSitter and Kinside for backup child, elder and/or pet care, as well as a subsidized commuter benefit
• Competitive salary based on experience
• 401k match plus great medical, dental, vision, life, and disability benefits
• Generous vacation policy and company-wide Take Care of Yourself Days
• 1% of your time off to support local community organizations of your choice
• Mental health support with therapy and coaching through Modern Health
• 16 weeks of paid parental leave for all parents and an additional 6-8 weeks for birthing parents
• Access to Maven, a family planning tool, with up to $10k in reimbursement for egg freezing, fertility treatments, adoption, and more.
• In-person and virtual events to connect with your fellow Chimers-think cooking classes, guided meditations, music festivals, mixology classes, paint nights, etc., and delicious snack boxes, too!
• A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help millions unlock financial progress