Staff Security Engineer - Application Security

Engineering - Security Full-time

Redwood City, California


Are you looking for a high impact role where you would help build secure and safer payment platform for millions of users? Would you be interested in testing security of systems and softwares and also help define how security is implemented through various stages of the SDLC for all engineering teams and products?  Then the Staff Security Engineer with WePay is what you are looking for.

As a Staff Security Engineer with WePay, you will help define and implement creative techniques to protect WePay’s critical assets against a constantly changing threat landscape.  This individual will work closely with other engineering teams to assess the threat landscape, and design, build, perform ethical hacking and find creative ways to keep our critical assets safe.  They will make decision around commercial/open source security testing tools we will add in our security solutions portfolio. This person who fills this role will have the opportunity to assess and improve security in emerging payment solutions such as mobile payment solutions.

Information Security at WePay is one of our highest priorities, therefore the ideal candidate will share passion for engineering solutions to complex security problems, while minimizing employee friction and maximizing productivity.  They will help build security payment products and making sure that the data that we are trusted to protect is secured to the highest standard.

What You Will Do

  • Support of security enhancement and development
  • Perform vulnerability testing, risk analysis and security assessments
  • Ensure that identified issues are prioritized and addressed in an appropriate timeframe
  • Interact directly with the external security community (e.g. bug bounty program) regarding security vulnerabilities and threats
  • Write secure applications and services through design, development, and implementation of secure software development practices
  • Collaborate and advise engineering teams on building authentication, authorization and encryption solutions
  • Research emerging technologies and maintain awareness of current security risks
  • Help to develop security training and education for our software engineers

What We Are Looking For

  • Minimum 7+ years of experience in information security field
  • In-depth knowledge of Web application Vulnerabilities and ability to articulate their impact to technical and business users
  • Experience with performing Threat Modeling and designing secure Architecture
  • Experience with creating and supporting Secure Software Development Lifecycle
  • Experience with dynamic and static web application testing tools
  • Knowledge of traditional and cloud Architecture, experience of Google Cloud or other public and private cloud technologies a plus
  • Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team
  • Experience of HTML5, Java, Javascript, PHP, Python, MySQL is a plus
  • Knowledge of mobile application security, including experience implementing security controls is a plus
  • Experience working with security vendors, including submitting feature requests, evaluating products and analyzing security functionality of a diverse set of product a plus
  • Experience with securing cloud environments a plus

About WePay

WePay, a Chase company, is the payments partner to the platform economy. It has uniquely enabled Constant Contact, GoFundMe, Meetup, and more than 1,000 other B2B and B2C platforms to provide integrated payments processing without compromising on their user experience or taking on risk and regulatory exposure. WePay is a two-time honoree on the Inc. 500 fastest growing private companies list before its December 2017 acquisition by JPMorgan Chase & Co., and has earned recognition on San Francisco and Silicon Valley "Best Places to Work" lists for an open, supportive culture that focuses on delighting customers and employees and offers all the usual perks (free lunch daily, subsidized gym membership, Paid Time Off, etc.).  

You can find more information at

To all recruitment agencies, WePay does not accept agency resumes. Please do not forward resumes to our jobs alias, WePay employees or any other company location. WePay is not responsible for any fees related to unsolicited resumes