Senior Security Engineer

About the Tech TeamThe engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.Your Role As a Security Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Owning the end to end security of all subsystems that contribute to the decision of providing trade finance to importers and exporters worldwide
• Audit code developed by engineers and point out security concerns
• Evaluate all third party software and libraries and provide recommendations
• Perform pen test and security reviews of all modules before they are released to production environments

• Bachelor's degree in computer science, or a related field with 4+ years of relevant work experience 
• Knowledge of web security, TLS/SSL, web authentication protocols such as OAuth, Role-Based Access Control (RBAC), security roles, policy, and enforcement
• End-to-end security expertise including application security, network security, device security. Knowledge of securing data at rest and data in motion
• Ability to determine vulnerabilities in code, check subsystems for common attack patterns and exploitation techniques. Ability to write functional exploits for – simple stack overflow, cross-site scripting, or SQL injection
• Experience in one programming language such as Go, Java, Python
• Strong analytical and problem-solving skills, and strong communications skills
• Knowledge of security standards such as HIPPA, SOX; and experience using standard security assessment and penetration testing tools would be a plus