Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values information security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Enterprise Security program is the foundation of both preventive and responsive security practices to protect Affirm’s assets from an adverse event.
As a member of the Security Team at Affirm, you will be joining a team of fun, passionate and highly skilled individuals who like solving security challenges and enjoy learning new skills. We partner together with a team first mindset and are keen on redefining security in the fintech space.
We are looking for a Staff Security Engineer in the Enterprise Security team, primarily supporting the Corporate Security program including vulnerability management, data loss prevention, SaaS security, and corporate infrastructure security. In this role, you will collaborate with internal Security teams (such as Security Operations, Platform Security and IAM) and other external teams (such as product engineering teams, IT, legal and compliance) to create and improve enterprise security capabilities. You will partner with the right teams to solve complex security problems and help design solutions that are aligned with broader organizational goals.
What You'll Do
- Design, implement and maintain security measures for corporate systems
- Design, build and integrate security tooling to manage our corporate systems
- Perform security design review, code review, threat modeling and architecture reviews
- Manage the Corporate Vulnerability Management program
- Develop and enforce security policies, standards and best practices
- Configure and implement cloud security services, including identity and access management, detective controls, infrastructure protection, and data protection
- Contribute to developing and maturing corporate security playbooks and processes
- Collaborate with cross functional teams across Affirm and lead key Security projects
- Participant in security on call and serve as the senior escalation point for the team when needed for help with investigations and incidents
What We Look For
- A seasoned Enterprise Security engineer with a strong ability to design, build, evaluate and maintain systems.
- Experience leading investigations and incidents including containment actions and remediation when needed in a cloud heavy environment (AWS preferred).
- Demonstrated experience in common Enterprise Security tooling including but not limited to: SIEM (Elastic/Splunk), EDR (CrowdStrike/SentinelOne), ZTNA (Netskope/Zscaler), SSPM (AppOmni or similar) and IDP (Okta/Onelogin).
- Demonstrated experience and deep subject matter expertise in Corporate systems including but not limited to: Snowflake, Salesforce, Github, Google Workspace, AWS Slack, Notion, Jira, Zendesk, Microsoft 365, and Workday
- Experience with designing and deploying endpoint management and visibility solutions such as Jamf, Intune, and OSQuery.
- Experience leading an enterprise vulnerability management program using tools such as Rapid7, Crowdstrike Spotlight, Qualys or similar.
- Experience with developing native data ingestion and data normalization integrations.
- Familiarity with container orchestration technologies (Kubernetes).
- Experience developing and deploying cloud services using Infrastructure as code with Terraform or similar.
- Experience with Python or similar language to build security tooling.
- Experience building systems with AWS or similar cloud environments.
- Ability to lead and drive cross functional projects with stakeholders throughout the organization.
- Strong communication skills with the ability to switch communication style when needed between technical and non-technical audiences.
- This position requires either equivalent practical experience or a Bachelor’s degree in a related field.
Base Pay Grade - O
Equity Grade - 7
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.
Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)
USA base pay range (CA, WA, NY, NJ, CT) per year: $205,000 - 255,000
USA base pay range (all other U.S. states) per year: $182,000 - $232,000
Location: Remote - US
#LI-Remote
Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.
We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include:
- Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
- Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
- Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
- ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.
By clicking "Submit Application," you acknowledge that you have read the Affirm Employment Privacy Policy for applicants within the United States, the EU Employee Notice Regarding Use of Personal Data (Poland) for applicants applying from Poland, the EU Employee Notice Regarding Use of Personal Data (Spain) for applicants applying from Spain, or the Affirm U.K. Limited Employee Notice Regarding Use of Personal Data for applicants applying from the United Kingdom, and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.
Top Skills
What the Team is Saying
What We Do
Since our founding over a decade ago, our mission has been to deliver honest financial products that improve lives. That mission hasn’t changed—and it never will. At Affirm, we believe money shouldn’t dictate your direction in life. That it should open up options instead of limiting them, and help you get where you’re going without getting in your way. That’s why we offer people the financial flexibility to choose what works for them—in finances and in life.
Why Work With Us
Who is an Affirmer?
/noun/
Someone who believes finance shouldn’t be complicated. We come from a diverse set of backgrounds and we’re driven by the desire to improve lives through honest financial products. We define success by challenging one another to bring our best ideas to every single project—and we have fun while doing it.
Gallery
Affirm Offices
Remote Workspace
Employees work remotely.
Affirm is a remote-first company! Our employees can work anywhere in the U.S. but if an office is more your style, we have office locations in San Francisco, Chicago, New York City, and Pittsburgh.
