Information Security Engineer - Product Security

Information Security Engineer - Product Security

Remote, United States

Who is Credible?

We are a marketplace where users can compare personalized, prequalified rates and quotes from multiple lenders and carriers, for student loans, mortgages, personal loans, and insurance.

We’re challenging the status quo by giving power to the consumer. We believe in a world where ‘ethical’, ‘lending’, and ‘insurance’ can coexist, so we set out to build innovative platforms that actually work for customers. Our mission is to help people find the best loan or insurance policy possible.

We believe researching and buying loans or insurance shouldn’t be confusing or complex, so we’ve focused on simplicity. We’ve created the only unbiased loan and insurance buying process out there, which makes finding options straightforward and clear.

About the Role:

As an Information Security Engineer – Product Security, you’ll work alongside our developers, product managers, and DevOps teams to design and build secure products. You’ll help protect the data of millions of users by identifying vulnerabilities, mitigating risk, and automating security at scale. This is a hands-on role with influence across the software development lifecycle.

We’re not hung up on degrees or certifications. What matters most is your practical skill, curiosity, and ability to collaborate. A strong GitHub profile demonstrating your work is required.

• Collaborate with engineering teams to design secure system architectures and product features.
• Integrate automated security tools into CI/CD pipelines (SAST, DAST, dependency scanning).
• Identify, triage, and help remediate vulnerabilities across codebases and deployed environments.
• Develop internal tooling and scripts to automate security checks and controls.
• Contribute to security policies, developer guidelines, and awareness training.
• Facilitate red team exercises by preparing environments and coordinating with external firms who conduct penetration tests.
• Stay current with emerging security threats and trends; help Credible stay ahead of them.
• Participate in the on-call rotation, incident response and postmortems as needed.

• Degree in Computer Science or related field, or at least 3 years of experience in software development.
• Solid understanding of software security principles, threat modeling, and common vulnerabilities (OWASP Top 10, CWE, etc.).
• Familiarity with web application security, API security, and cloud security (AWS preferred).
• Comfortable navigating and contributing to large codebases; strong Git proficiency.
• Experience integrating security into CI/CD workflows using tools like GitHub Actions, Github Advanced Security, CircleCI, etc.
• Self-starter with strong interpersonal, communication, and collaboration skills
• A GitHub profile showcasing relevant projects or contributions is required.

Credible is open to hiring candidates in the following locations: California, Florida, Georgia, Illinois, Kansas, Kentucky, Maine, Massachusetts, Michigan, Missouri, New Jersey, New Mexico, New York, North Carolina, Ohio, Oregon, South Carolina, Tennessee, Texas, Utah, Virginia, Washington

Pursuant to state and local pay disclosure requirements, the pay ranges for this role, with final offer amount dependent on education, skills, experience, and location, are listed below. This role is also eligible for an annual discretionary bonus, various benefits, including medical/dental/vision, insurance, a 401(k) plan, paid time off, and other benefits in accordance with applicable plan documents.View more details about Credible Benefits

For high cost of labor markets such as but not limited to New York City and San Francisco:

$80,400 — $106,800 USD

For all other US locations:

$67,000 — $89,000 USD

Why work at Credible?

We combine the intelligence, expertise, and confidence of a financial advisor with the approachability and honesty of a friend. In other words, we’re the friend you always wish you had in finance.

We are optimistic, challengers, trustworthy, clever, and smart. We are open and transparent. We strive to act as advisors by being friendly, objective, and open in our communication. We use language that is intelligent yet approachable. When appropriate, we’ll drop in a bit of wit to position ourselves as a fresh, reliable voice in the financial world.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, disability, protected veteran status, or any other characteristic protected by law. We will consider for employment qualified applicants with criminal histories consistent with applicable law.