Security Engineer II at Dave Inc.

Dave is one of the leading US neobanks and a pioneer in financial services, using disruptive technology to provide best in class banking services to millions of members at a fraction of the cost compared to incumbents. The anchor of our banking value proposition, ExtraCash, provides up to $500 of short term, interest free advances to members within minutes of joining. The speed to value, access and pricing of ExtraCash compared to traditional overdraft sets us apart from incumbents and is a key to our strategy to efficiently acquire transacting Dave debit card members.

Dave is looking for talented Security Engineers to play an instrumental role in securing products that help millions of people improve their relationship with money. We're seeking passionate security engineers interested in protecting our customers and systems. If you're excited to join a tight-knit collaborative team with a mission of helping others, we'd love to hear from you.

As a Level 2 Security Engineer, you will play a vital role in safeguarding our organization's technology infrastructure and data. You will be instrumental in identifying, analyzing, and mitigating security threats, ensuring the confidentiality, integrity, and availability of our systems and information. This role requires a passion for cybersecurity, a commitment to staying current with the latest security trends and technologies, and the ability to implement practical, scalable security solutions.

• Assist in the development and implementation of security controls for our products, including mobile (iOS and Android), web applications, and their supporting web services, under the guidance of senior security engineers.
• Contribute to fixing common security vulnerabilities within our applications.
• Build tools and processes for automating security controls and monitoring at scale.
• Support the integration of security tools into CI/CD pipelines to automate security checks and ensure a secure development process.
• Handle security incidents, including evidence collection, analysis, and reporting.
• Assist in developing and maintaining internal incident response guidelines.
• Prepare and present security reports and findings to various stakeholders.
• Participate in an on-call rotation to address critical security incidents and uphold security measures around the clock.

• Bachelor's degree in a field that requires logical and creative thinking; STEM majors preferred.
• 2+ years of experience as a security engineer, with proficiency in reading and writing code, particularly in Python, TypeScript, JavaScript, or similar languages, to effectively build.
• Familiarity with application security testing tools (e.g., IAST, SAST).Knowledge of security monitoring tools and techniques (e.g., SIEM, log analysis, threat hunting).
• Strong communication, analytical, and problem-solving skills, with the ability to collaborate effectively within a team.
• Familiarity with Git, GitHub, and public cloud infrastructure, preferably Google Cloud Platform.
• Knowledge of security best practices, standards, and compliance requirements (e.g., OWASP, PCI-DSS, SOX).

• Hands-on experience in penetration testing, incident response, and bug bounty programs.
• Experience with Google Cloud Platform (GCP) and Infrastructure as Code (IaC) tools such as Terraform.
• Experience in threat modeling, security architecture review, and secure coding practices.
• Familiarity with common mobile application vulnerabilities and secure mobile development practices.
• Relevant industry certifications such as CEH, OSCP, GIAC, or vendor-specific certifications.

Don’t let imposter syndrome get in your way of an incredible opportunity. We’re looking for people who can help us achieve our mission and vision, not just check off the boxes. If you’re excited about this role, we encourage you to apply. You may just be the right candidate for this or other roles.

Why you’ll love working here: 

At Dave, our people are just as important as our product. Our culture is a reflection of our values that guide who we are, how we work, and what we aspire to be. Daves are member centric, helpful, transparent, persistent, and better together. We strive to create an environment where all Daves feel valued, heard, and empowered to do their best work. As a virtual first company, team members can live and work anywhere in the United States, with the exception of Hawaii. 

A few of our benefits & perks:

• Opportunity to tackle tough challenges, learn and grow from fellow top talent, and help millions of people reach their personal financial goals

• Flexible hours and virtual first work culture with a home office stipend

• Premium Medical, Dental, and Vision Insurance plans

• Generous paid parental and caregiver leave

• 401(k) savings plan with matching contributions

• Financial advisor and financial wellness support

• Flexible PTO and generous company holidays, including Juneteenth and Winter Break

• All-company in-person events once or twice a year and virtual events throughout to connect with your team members and leadership team

Dave Operating LLC is proud to be an Equal Employment Opportunity employer and is dedicated to cultivating a diverse and inclusive workplace. We will consider for employment all qualified applicants and do not discriminate on any basis protected by federal, state, or local law, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance relating to an applicant's criminal history.

#LI-REMOTE