Senior Security Engineer, Offensive Security at Chime – San Francisco, CA

About the role

We are looking for a Senior Security Engineer to build and lead our Offensive Security program. In this role, you will attack Chime’s services, applications, and infrastructure to discover security vulnerabilities and report them to our internal technology teams. This role offers you the opportunity to develop your technical and leadership skills while being part of a collaborative and dynamic team that enjoys solving problems and innovating together at Chime.

The ideal candidate is an offensive cybersecurity professional with a passion for analyzing codebases, testing hypotheses, and designing tools to impact web applications and their infrastructure. This engineer will work closely with teams in Information Security and will also provide technical leadership and advice to teams and leaders in Chime. You will have direct contact with teams across multiple vertical industries, giving you first-hand knowledge of how Chime is built and how it operates at a deep, technical level. Additionally, you will use the knowledge you gain about Chime to find new ways to disrupt services, processes, and infrastructure across the enterprise.

We are a small, dedicated team that is always thinking of innovative ways to tackle challenging security problems. We take on ambitious projects that have a significant impact on our members and help build a strong security culture within our company. The team encourages discussion of the problems we solve, the methods we use, and celebrating our achievements through public blogs and at conferences. If this resonates with the way you work, we want to hear from you.

The base salary offered for this role and experience level starts at $157,590 and can increase to $218,900. Full-time employees are also eligible for a bonus, competitive stock package, and benefits. Actual base salary offered may be higher depending on your location, skills, qualifications, and experience.

In this role you can expect the following:

• Independently lead complete red team exercises.
• Collaborate with Engineering, Product, IT and other business functions to improve security across the organization
• Research new attack vectors, vulnerabilities and techniques
• Use your offensive skills to identify weaknesses and build defenses against those who direct their attacks at Chime
• Developing custom payloads and exploits
• Impersonate adversaries such as cybercriminals and insider threats by attacking web applications, cloud platforms and supporting services (Kubernetes/Container Orchestration platforms etc.).
• Work closely with detection engineers to develop high-fidelity alerts based on emerging attack vectors and tactics, techniques, and procedures
• Participate in purple team exercises to mature the security program

What are we looking for?

• Minimum 4 years of combined experience in an offensive security, red teaming or application security role.
• Experience in conducting stealthy cloud-based attacks
• Experience developing custom tools and payloads that evade defensive products and remain undetected in a mature network environment
• Ability to conduct unguided red team missions and experience conducting hostile simulations
• Ability to explain vulnerabilities and weaknesses to non-technical partners
• (Nice to have) Relevant certifications: OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert) and OSEE (Offensive Security Exploitation Expert), Certified Red Team Operator (CRTO), GIAC Red Team Professional Certification (GRTP)

A little bit about us

At Chime, we believe that everyone can achieve financial progress. We are passionate about developing solutions and services to empower people to succeed. We start each day with empathy for our members and remain motivated by our desire to support them in ways that make a meaningful difference.

We founded Chime, a financial technology company, not a bank*, on the premise that basic banking services should be accessible. helpful, transparentAnd honestly. Chime helps unlock the access and power our members need to overcome the systemic barriers that prevent them from getting ahead. By providing members with access to liquidity, rewards and credit building, our easy-to-use tools and intuitive platforms empower members to take more control of their money and take action to achieve their financial ambitions.

To date, we are loved by our members and proud to have helped millions of people achieve financial progress, whether they started a savings account, bought their first car or home, started a business or went to college. Every day, we are inspired by the dreams and successes of our members, big and small.

We bring everyday people together to unlock their financial progress. Will you join us?

*Chime partners with The Bancorp Bank and Stride Bank, N.A., members of the FDIC, who manage the bank accounts used by Chime members.

What we offer

• 🏢 A thoughtful hybrid working policy that combines days in the office with trips to team and company events, depending on location, to ensure you stay connected to your work and teammates, whether you are local at one of our offices or remote
• 💻 Hybrid work benefits, such as UrbanSitter and Kinside for replacement care for children, elderly and/or pets, as well as a subsidized travel allowance
• 💰 Competitive salary based on experience
• ✨ 401k match plus great medical, dental, vision, life and disability benefits
• 🏝 Generous vacation policy and company-wide Take Care of Yourself days
• 🫂 1% of your free time to support local community organizations of your choice
• 🧠 Mental health support with therapy and coaching via Modern Health
• 👶 16 weeks of paid parental leave for all parents and an additional 6-8 weeks for parents who give birth
• 👪 Access to Maven, a family planning tool, with up to $10,000 in reimbursement for egg freezing, fertility treatments, adoption, and more.
• 🎉 In-person and virtual events to connect with your fellow Chimers. Think cooking classes, guided meditations, music festivals, mixology classes, painting nights, etc. and also delicious snack boxes!
• 💚 A challenging and rewarding opportunity to join one of the most experienced teams in FinTech and help millions of people achieve financial progress

We know that great work can’t be done without a diverse team and an inclusive environment. That’s why we specifically seek out individuals with different strengths, skills, backgrounds, and ideas to join our team. We believe this gives us a competitive edge to better serve our members and helps us all grow as Chimers and individuals.

We will hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, veteran status, and any other status. Chime is proud to be an equal opportunity employer and will consider qualified candidates with criminal records in a manner consistent with the San Francisco Fair Chance Ordinance, Cook County Ordinance, and consistent with Canadian provincial and federal laws. If you have a disability or special need that requires accommodations, please let us know.

For more information about how Chime collects and uses your personal information during the application process, please see Chime’s Applicant Privacy Statement.

#LI-SB1