Company Overview

Intuit is a global technology platform that helps consumers and small businesses overcome their most important financial challenges. Serving more than 100 million customers worldwide, we believe that everyone should have the opportunity to prosper. We never stop working to find new, innovative ways to make that possible.

Job Overview

Come join the CX3 Security, Fraud Prevention, and Technical Compliance team as a Staff Software Engineer.

In your role, you'll meaningfully and positively impact the cybersecurity and privacy of tens of millions of users by helping to design and build secure-by-design, privacy-by-design architectures, infrastructure, software, and applications for our consumer tax, personal finance management, marketing technology, and customer success offerings, including TurboTax, Mint, and TurboTax Live. Safety and reputation distinguish our company from the competition and are at the core of our value proposition to our customers. Our mission is to power prosperity around the world, and our products must be secure to accomplish that.

Alongside a world-class global engineering and product management organization, you'll work hands-on with stakeholders across the Intuit ecosystem to deliver delightful, innovative customer-back outcomes while anticipating adversaries and ensuring effective detection and defensive controls are in place to thwart attacks and other types of abuse. As a key member in a vibrant security and engineering organization, you will help our organization and our company continue to build a holistic view of how to secure our platforms and products now and as we expand into the future.

Qualifications

• 5+ years of experience in information security, IT risk management. Hands on experience designing and developing server-side, web, and/or mobile applications a plus
• Ability to review, understand, and provide actionable feedback on code, architecture designs, and infrastructure deployments created and maintained by other engineers and engineering teams
• Proven ability to synthesize achievable solutions from diverse inputs, alternative sources (build / buy / partner) and complex, often ambiguous, data
• Skilled in software development lifecycle processes and high velocity agile development
• Able to operate at highly varying levels of abstraction from business strategy to product strategy to high level technical design to detailed technical design to implementation
• Experience with one or more common compliance frameworks (e.g. ISO/IEC 27001:2013, NIST 800-53, PCI); focus on deep understanding to translate controls and control intent into consumable patterns across enterprise systems
• Experience with security testing and security testing tools
• Expertise in the Software design/architecture process
• Experience with core Intuit technologies a plus: SpringBoot and the Spring software ecosystem, Kubernetes, AWS, Microservices architecture, CI/CD pipelines
• Strong leadership experience: Leading meetings, presenting, technical go-to person, and cross-functional leader
• Excellent problem-solving skills: able to effectively diagnose and troubleshoot technical and cybersecurity issues
• Constant learner and teacher: Actively stay abreast of cybersecurity, fraud prevention, privacy, compliance, and technical trends and standards, recommend best practices, and share learnings with the security and engineering communities
• Excellent communication skills: Demonstrated ability to explain complex technical issues to both technical and non-technical audiences
• Business Acumen - strategic thinking & strategy development
• Building strong teams - set and evangelize vision, facilitative leadership, attract and retain key talent

Team/Leadership Qualifications

• Team player possessing strong analytical, problem solving and communication skills
• Strong mentoring skills. Able to influence and communicate effectively with both technical and non-technical people
• Demonstrated ability to work with global teams across time zones
• Ability to work effectively in a fast paced, complex technical environment
• High adaptability and flexibility
• Experience driving for results across cross-functional teams while maintaining effective working relationships
• Excellent communication skills. Communicates clearly, succinctly and persuasively to all levels of employees, customers and management (including executives)
• "Self-starter" attitude and the ability to make decisions independently

Responsibilities

• Determine security, fraud prevention, privacy, and technical compliance requirements by evaluating business and technical plans and strategies; research information on security and risk-prevention standards; conduct system security and vulnerability analyses and risk assessments
• Create and maintain effective technical documentation, diagrams, and presentations to communicate cybersecurity/fraud risks for development teams and business users
• Clearly identify and document risks using data, expertise, experience, and common risk-assessment methodologies (e.g. threat modelling, MITRE ATT&CK) for fellow security professionals, engineers, and business leaders
• Recommend development and security best practices for application, infrastructure, software development
• Partner across the organization to design and implement high-quality risk management processes through education, consulting, and via support channels (e.g. Slack)
• Ensure effective, comprehensive incident response processes within the organization, incl. remediation and root cause analyses
• Help design and maintain effective governance programs that ensure policy, cybersecurity, privacy, and compliance outcomes are met and maintained at scale via automation, analytics, and pattern development
• Provide perspectives and recommendations on leading industry trends, new and emerging technologies, the evolving privacy and compliance landscape, and continuous process improvements
• Effectively perform knowledge transfers and train technical and non-technical stakeholders at all levels of the organization
• Create and maintain effective technical documentation, diagrams, and presentations to communicate architectural options and risks, and educate development teams and business users
• Act as the technical subject matter expert: Mentoring fellow engineers, demonstrating technical expertise, and leading small teams solving challenging programming and cybersecurity problems
• Roughly 20-60% hands-on coding and data analysis