Senior Application Security Engineer

About the Role

As part of the Product Security team, the Senior Application Security Engineer will have the opportunity to work on a wide range of challenges, from reviewing code and architectures to performing penetration testing and collaborating with AI teams to define and implement production-grade AI security controls. This role is ideal for someone who not only understands the technical aspects of security but also has a keen eye for identifying and mitigating risks in complex, distributed systems and mobile applications.

Chime's commitment to security is reflected in its approach to technology and product development. The company believes in empowering its members through secure, easy-to-use, and free core banking services. As such, the Senior Application Security Engineer will be integral to this mission, ensuring that Chime's products and services meet the highest standards of security and integrity.

What You Will Do

• Build and improve security capabilities, automation, and guardrails for mobile applications and backend/API services.
• Perform application or API/backend penetration testing to identify vulnerabilities and areas for improvement.
• Identify, triage, and help remediate vulnerabilities across Chime products, collaborating with engineering teams to ensure swift and effective fixes.
• Partner closely with engineering and product teams to embed security into the development lifecycle, ensuring that security considerations are at the forefront of product design and development.
• Perform architecture and code reviews across the stack (iOS/Android, APIs, backend) with a focus on secure data storage, authentication, authorization, secure communication, and session/token handling.
• Leverage AI to accelerate security workflows, such as code review support, triage, and threat modeling, and partner with teams building AI-enabled features to define and implement production-grade AI security controls.
• Collaborate with cross-functional teams to develop and implement secure coding practices, ensuring that security is integrated into every stage of the development process.
• Stay up-to-date with the latest mobile threat models and common attack techniques, applying this knowledge to improve Chime's security posture.
• Develop and maintain documentation on security best practices, guidelines, and standards for mobile and backend applications.

What We Are Looking For

• 5+ years of experience in application security, with strong hands-on experience across both mobile and backend systems.
• Hands-on experience securing iOS and Android applications in production environments, with a deep understanding of mobile threat models and common attack techniques.
• Strong understanding of mobile security testing techniques, including static and dynamic analysis.
• Familiarity with iOS and Android platform security features and limitations.
• Practical coding experience, preferably in languages such as Ruby, Go, or Python.
• Ability to clearly communicate security risks, trade-offs, and remediation guidance to engineering partners.
• Experience with agile development methodologies and version control systems like Git.
• Strong analytical and problem-solving skills, with the ability to navigate complex technical issues and propose effective solutions.

Nice to Have

• Experience with cloud security platforms, such as AWS or Google Cloud.
• Knowledge of DevOps practices and tools, including CI/CD pipelines and containerization.
• Familiarity with AI and machine learning technologies, particularly in the context of security applications.
• Certification in security disciplines, such as CISSP, CEH, or similar.

Benefits and Perks

• Competitive salary and bonus structure.
• Comprehensive equity package, reflecting Chime's commitment to its employees' long-term success.
• Full range of benefits, including health, dental, and vision insurance, as well as 401(k) matching.
• Generous PTO policy, allowing for a healthy work-life balance.
• Remote work stipend, acknowledging the importance of a comfortable and productive home working environment.
• Opportunities for professional growth and development, including training, mentorship, and conference attendance.
• Access to the latest technologies and tools, ensuring that employees have everything they need to excel in their roles.

• When applying, ensure your resume and cover letter highlight specific examples of your experience in mobile application security and backend systems.
• Be prepared to discuss your approach to secure coding practices, including how you stay updated with the latest mobile threat models and security testing techniques.
• Showcase any certifications or training in security disciplines, as these can be highly valued by the hiring team.
• In your cover letter, explain how your skills and experience align with Chime's mission and the role's responsibilities, demonstrating your understanding of the company's security needs.
• For the interview, prepare to walk through your experience with architecture and code reviews, as well as your approach to collaborating with cross-functional teams to embed security into the development lifecycle.
• Consider including examples of your work, such as penetration testing reports or secure coding guidelines you've developed, to demonstrate your practical skills and experience.
• During salary negotiations, be prepared to discuss your expectations based on industry standards and your research on Chime's compensation packages.