Staff Product Security Engineer
WFA Digital Insight
As the demand for digital payment solutions grows, so does the need for skilled security engineers. With a 25% increase in online transactions in 2025, companies like Affirm are looking for experts to secure their platforms. This Staff Product Security Engineer role stands out for its focus on programmatic security, a highly sought-after skill in the industry. Before applying, candidates should be prepared to showcase their experience in software development, threat modeling, and security implementation.
Job Description
About the Role
The Staff Product Security Engineer will play a critical role in ensuring the security and integrity of Affirm's products. As a key member of the security team, this individual will work closely with product and engineering teams to evaluate and influence product requirements, design, and implementation. The ideal candidate will have experience building and architecting software as part of a larger team and will be able to work effectively with cross-functional teams to identify and mitigate security threats.
The security team at Affirm is committed to making information security programmatic and cultural, enabling the company to succeed in building honest financial products. The Staff Product Security Engineer will be responsible for partnering with product teams to ensure that security is included in every phase of the product development lifecycle.
What You Will Do
- Partner with Affirm product teams to ensure that security is included in every phase of the product development lifecycle
- Conduct threat modeling and architecture reviews to ensure threats are understood, documented, and mitigated
- Review and analyze product source code to identify security vulnerabilities and provide recommendations for secure implementation
- Seek out opportunities to automate processes when appropriate
- Identify emerging classes of vulnerabilities and develop solutions for them before they become a problem
- Assist product teams in the development of security-focused test cases to enforce security requirements
- Advise product teams on business security requirements early in the product development lifecycle
- Decompose large, cross-team projects into individual tasks and manage scope across teams to drive toward project closure
What We Are Looking For
- Deep understanding of web application architecture and design principles
- Experience using modern software development and delivery techniques to develop cloud-based services
- Knowledge of common security flaws and their resolution, as published by OWASP, SANS, etc.
- Experience with PCI or other regulated environments
- Experience conducting threat models for complex, distributed products using standard threat modeling techniques and methodologies
- Experience with standard authentication mechanisms, including SAML and OAuth2
Nice to Have
- Experience with Python, Kotlin, Java, AWS, and Azure
- Knowledge of continuous integration and continuous delivery pipelines
- Experience with security information and event management (SIEM) systems
Benefits and Perks
- Competitive salary and equity package
- Comprehensive health and wellness benefits
- Flexible PTO and remote work options
- Professional development opportunities
- Access to cutting-edge technologies and tools
- Collaborative and dynamic work environment
How to Stand Out
- Be prepared to provide specific examples of your experience with threat modeling and security implementation
- Showcase your knowledge of common security flaws and their resolution, as published by OWASP, SANS, etc.
- Highlight your experience with modern software development and delivery techniques
- Be ready to discuss your experience with PCI or other regulated environments
- Show your ability to work effectively with cross-functional teams
- Keep your online presence and portfolio up-to-date to demonstrate your skills and experience
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.