Security Engineer

About epiFi

Who we are: _Simply put, a Fin-Tech startup for digital natives. Our mission is to help our users demystify their finances, maximize their savings and spend intelligently. We are building a highly secure ‘hub’ a savings account that allows you to consolidate your finances in a single intuitive view.

_Who we- re looking for: Exceptional, innovative people! Passionate about delightful user experiences, clear about doing the right thing and hungry to impact millions of lives.

Why you should work with us: We are about doing the right thing always, both for our team and users. We are a positive, transparent and inclusive community celebrating success together, encouraging bias for action and individual brilliance. We are ambitious and want everyone thinking - impact and growth- . Our office is not just fun, it is human, nimble and business-like.

With rich experience in the world's leading tech companies and banks, we deeply and equally understand both the - fin- and - tech- in fintech. Funded by leading global VCs, we- re in pursuit of a fantastic experience for both our consumers and colleagues.

What this role is about : As one of the early members of the security team, you will have an outsized impact on the priorities & direction of the security program and play a key role in building out our security program. The product freatures brings with it a unique set of security challenges, which are critical for us & we are committed to adhere to the security compliance as a central function of the business.

At epiFi you will :

• Identify critical flaws in our web applications and cloud infrastructure that could be exploited.
• Collaborate with peers to write and review technical proposals, architectural diagrams, application code and cloud formation.
• Reduce assessment time by maintaining specifications and tooling. Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments.
• Educate the organization to pre-emptively develop secure services and to prevent security regressions by organizing talks and preparing written articles.

You should apply if you have:

• At least 5+yrs of experience as a Security Engineer or working as a Software Engineer with deep involvement in securing web applications.
• The ability to understand complicated information-flows along with the ability to use one or more high-level programming language.
• The understanding of web technologies such as Browsers, JavaScript, APIs, Websockets, Databases, Front-End and Back-End systems.
• The understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies)
• The awareness of applications implementing OAuth, SAML and JWT authentication.