Senior Security Engineer, Offensive Security

<h2><span style="font-size: 10pt;"><strong>About the role</strong></span></h2>
<p><span style="font-size: 10pt;">We are seeking a Senior Security Engineer to build and lead our Offensive Security program. In this role, you will attack Chime’s services, applications, and infrastructure to discover security issues and report them to our internal technology teams. This position will offer you the opportunity to grow your technical and leadership skills while being part of a collaborative and dynamic team that finds joy in problem-solving and innovating together at Chime.</span></p>
<p><span style="font-size: 10pt;">The ideal candidate will be an offensive cybersecurity professional with a passion for analyzing codebases, testing hypotheses, and designing tools to impact web applications and their infrastructure. This Engineer will work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Chime. You will be in direct contact with teams in a variety of business verticals, giving you first-hand knowledge about how Chime is built and how it operates at a deep, technical level. Additionally, you will use the knowledge you gain about Chime to find new ways to break services, processes, and infrastructure throughout the company.</span></p>
<p><span style="font-size: 10pt;">We're a small, dedicated team that’s always thinking of innovative ways to tackle challenging security problems. We take on ambitious projects that have a significant impact on our members and help build a strong security culture within our company. The team encourages discussing the problems we are solving, the methods we use, and celebrating our accomplishments through public blogs and at conferences. If these resonate with the way you work, we'd love to hear from you.</span></p>
<p><span style="font-size: 10pt;">The base salary offered for this role and level of experience will begin at $157,590 and up to $218,900. Full-time employees are also eligible for a bonus, competitive equity package, and benefits. The actual base salary offered may be higher, depending on your location, skills, qualifications, and experience.</span></p>
<h2><span style="font-size: 10pt;"><strong>In this role, you can expect to </strong></span></h2>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Independently manage complete red team exercises.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Partner with Engineering, Product, IT, and other business functions to drive security improvement across the organization</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Research emerging attack vectors, vulnerabilities and techniques</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Use your offensive skills to identify weaknesses and build defenses against those who may point their attacks at Chime</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Develop custom payloads and exploits</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Emulate adversaries like cybercriminals and insider threats by attacking web applications, cloud platforms and supporting services(Kubernetes / Container Orchestration platforms etc.)</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Partner closely with detection engineers to build high fidelity alerting based on emerging attack vectors and tactics, techniques and procedures</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Participate in purple-team exercises to mature the security program</span></li>
</ul>
<h2><span style="font-size: 10pt;"><strong>What are we looking for</strong></span></h2>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">4+ years of combined experience in either an offensive security, red teaming, or application security role.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Experience in conducting surreptitious cloud based attacks</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Experience with developing custom tools and payloads which bypass defensive products, and remain undetected in a mature network environment</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Ability to perform unsupervised red team engagements and experience with performing adversarial simulation</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Ability to explain vulnerabilities and weaknesses to non-technical partners</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">(Nice to have) Relevant certifications: OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert) and OSEE (Offensive Security Exploitation Expert), Certified Red Team Operator (CRTO), GIAC Red Team Professional certification (GRTP)</span></li>
</ul>
<h2><span style="font-size: 10pt;"><strong>A little about us</strong></span></h2>
<p><span style="font-size: 10pt;">At Chime, we believe that everyone can achieve financial progress. We’re passionate about developing solutions and services to empower people to succeed. Every day, we start with empathy for our members and stay motivated by our desire to support them in ways that make a meaningful difference.</span></p>
<p><span style="font-size: 10pt;">We created Chime—a financial technology company, not a bank*-- founded on the premise that basic banking services should be <strong>helpful</strong>, <strong>transparent</strong>, and <strong>fair</strong>. Chime helps <strong>unlock</strong> the access and ability our members need to overcome the systemic barriers that block them from moving forward. By providing members with access to liquidity, rewards, and credit building, our easy-to-use tools and intuitive platforms give members the ability to have more control over their money and to take action toward achieving their financial ambitions.</span></p>
<p><span style="font-size: 10pt;">So far, we’re well-loved by our members and proud to have helped millions of people unlock financial progress, whether they started a savings account, bought their first car or home, opened a business, or went to college. Every day, we’re inspired by our members’ dreams and successes, big and small.</span></p>
<p><span style="font-size: 10pt;">We’re uniting everyday people to unlock their financial progress—will you join us?</span></p>
<p><span style="font-size: 10pt;">*Chime partners with The Bancorp Bank and Stride Bank, N.A., Members FDIC, that power the bank accounts used by Chime Members.</span></p>
<h2><span style="font-size: 10pt;"><strong>What we offer</strong></span></h2>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">🏢 A thoughtful hybrid work policy that combines in-office days and trips to team and company-wide events depending on location to ensure you stay connected to your work and teammates, whether you’re local to one of our offices or remote</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">💻 Hybrid work perks, like UrbanSitter and Kinside for backup child, elder and/or pet care, as well as a subsidized commuter benefit</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">💰 Competitive salary based on experience</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">✨ 401k match plus great medical, dental, vision, life, and disability benefits</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">🏝 Generous vacation policy and company-wide Take Care of Yourself Days</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">🫂 1% of your time off to support local community organizations of your choice</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">🧠 Mental health support with therapy and coaching through Modern Health</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">👶 16 weeks of paid parental leave for all parents and an additional 6-8 weeks for birthing parents</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">👪 Access to Maven, a family planning tool, with up to $10k in reimbursement for egg freezing, fertility treatments, adoption, and more.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">🎉 In-person and virtual events to connect with your fellow Chimers—think cooking classes, guided meditations, music festivals, mixology classes, paint nights, etc., and delicious snack boxes, too!</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">💚 A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help millions unlock financial progress</span></li>
</ul>
<p><span style="font-size: 10pt;">We know that great work can’t be done without a diverse team and inclusive environment. That’s why we specifically look for individuals of varying strengths, skills, backgrounds, and ideas to join our team. We believe this gives us a competitive advantage to better serve our members and helps us all grow as Chimers and individuals.</span></p>
<p><span style="font-size: 10pt;">We hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Chime is proud to be an Equal Opportunity Employer and will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance, Cook County Ordinance, and consistent with Canadian provincial and federal laws. If you have a disability or special need that requires accommodation, please let us know.</span></p>
<p><span style="font-size: 10pt;">To learn more about how Chime collects and uses your personal information during the application process, please see the <a href="https://www.chime.com/careers/chime-applicant-privacy-notice/" target="_blank">Chime Applicant Privacy Notice. </a></span></p>
<p><span style="font-size: 10pt;">#LI-SB1</span></p>