Lead Security Engineer

We’re looking for talented professionals, anywhere in the United States, to join us in bringing smart money management and payment solutions to everyone’s fingertips.

At Green Dot, we are evolving to a new and permanent “Work from Anywhere” model designed to maximize the benefits of remote work, promote and enable a strong culture of performance and connectedness, and attract the best and brightest talent who align with our entrepreneurial spirit and mission.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

JOB DESCRIPTION

Lead Security Engineer

Is the primary tech lead for Green Dot’s security the development, evaluation and implementation of governance, risk and compliance and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information. Stays current on current and pending laws and regulations, industry standards and customer and vendor contracts to understand and communicate compliance requirements. Focus is data protection and compliance. Responsible for hardware, software and network firewalls and encryption protocols. Responsible for network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. May conduct penetration testing and vulnerability assessments of applications, operating systems and/or networks. May respond to cybersecurity breaches, identify intrusions and isolate, block and remove unauthorized access. May assist in the creation and implementation of security solutions.

Job Responsibilities

• Build and operate Green Dot Cloud's security systems for automated detections and responses in Azure and AWS
• Proactively identify risks and malicious activity in our cloud infrastructure and systems
• Analyze systems, logs, events, and alerts for signs of malicious activity
• Write custom detections rules and tools to monitor, analyze, and detect malicious activity
• Build automation for response and remediation of malicious and anomalous activity
• Develop and deploy new security practices, policies and tools to multiple environments.
• Document new and/or update existing security procedures, architecture and knowledge base articles.
• Drive implementation of countermeasures, mitigations, and containment
• Collaborate with engineering, IT, and other security teams to develop scalable and flexible solutions for defending Green Dot’s Cloud from low-level actors to nation state actors.
• Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
• Provide feedback into Green Dot products, modules, and services to improve cybersecurity capabilities as an internal customer with real-world experiences.
• Be on periodic on-call for triage of critical alerts from detections

Job Requirements

• 4+ years of experience with building and operating a SIEM (i.e. Splunk, Sentinel, etc.) or cloud-based security analytics for security data search and analysis operations.
• 4+ years of experience in cloud hosted environments (e.g. Azure, AWS)
• 4+ years of experience building security tools in using DevOps application development practices (e.g. Git, JIRA, Kanban) and deployment (e.g. Jenkins, GitHub Action Runners, CloudFormation, Terraform)
• 4+ years of experience threat hunting tactics and techniques in Linux, containers, and serverless systems to proactively identify known and unknown cyber threats, advisory behaviors, and anomalies
• Solid understanding of modern attacker tactics, techniques, and procedures (TTPs) (e.g. MITRE ATT&CK, building threat intelligence, etc.)
• Experience with building and operating a SIEM in cloud (i.e. Splunk, Sentinel, etc.) or cloud-based security analytics for cloud security data search and analysis operations.
• Experience in securing cloud infrastructure (Azure,AWS) using native and 3rd party tools (e.g. Palo Alto Prisma, Azure Policy, Intune, Cloud Trail, AWS Config)
• Experience with network firewall configuration (e.g. Cisco, Palo Alto, Azure FW)
• Experience with web proxy solutions (e.g. Websense, Azure Global Connect)
• Experience designing and building defense-in-depth security monitoring to aid in detection, triage, analysis, and response
• Working with industry security and risks standards (e.g. FedRAMP Moderate, PCI DSS, SOC2, ISO 27001, CIS Benchmarks) for sensitive data protection

POSITION TYPE

Regular

We’re looking for talented professionals, anywhere in the United States, to join us in bringing smart money management and payment solutions to everyone’s fingertips.

At Green Dot, we are evolving to a new and permanent “Work from Anywhere” model designed to maximize the benefits of remote work, promote and enable a strong culture of performance and connectedness, and attract the best and brightest talent who align with our entrepreneurial spirit and mission.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

JOB DESCRIPTION

Lead Security Engineer

Is the primary tech lead for Green Dot’s security the development, evaluation and implementation of governance, risk and compliance and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information. Stays current on current and pending laws and regulations, industry standards and customer and vendor contracts to understand and communicate compliance requirements. Focus is data protection and compliance. Responsible for hardware, software and network firewalls and encryption protocols. Responsible for network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. May conduct penetration testing and vulnerability assessments of applications, operating systems and/or networks. May respond to cybersecurity breaches, identify intrusions and isolate, block and remove unauthorized access. May assist in the creation and implementation of security solutions.

Job Responsibilities

• Build and operate Green Dot Cloud's security systems for automated detections and responses in Azure and AWS
• Proactively identify risks and malicious activity in our cloud infrastructure and systems
• Analyze systems, logs, events, and alerts for signs of malicious activity
• Write custom detections rules and tools to monitor, analyze, and detect malicious activity
• Build automation for response and remediation of malicious and anomalous activity
• Develop and deploy new security practices, policies and tools to multiple environments.
• Document new and/or update existing security procedures, architecture and knowledge base articles.
• Drive implementation of countermeasures, mitigations, and containment
• Collaborate with engineering, IT, and other security teams to develop scalable and flexible solutions for defending Green Dot’s Cloud from low-level actors to nation state actors.
• Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
• Provide feedback into Green Dot products, modules, and services to improve cybersecurity capabilities as an internal customer with real-world experiences.
• Be on periodic on-call for triage of critical alerts from detections

Job Requirements

• 4+ years of experience with building and operating a SIEM (i.e. Splunk, Sentinel, etc.) or cloud-based security analytics for security data search and analysis operations.
• 4+ years of experience in cloud hosted environments (e.g. Azure, AWS)
• 4+ years of experience building security tools in using DevOps application development practices (e.g. Git, JIRA, Kanban) and deployment (e.g. Jenkins, GitHub Action Runners, CloudFormation, Terraform)
• 4+ years of experience threat hunting tactics and techniques in Linux, containers, and serverless systems to proactively identify known and unknown cyber threats, advisory behaviors, and anomalies
• Solid understanding of modern attacker tactics, techniques, and procedures (TTPs) (e.g. MITRE ATT&CK, building threat intelligence, etc.)
• Experience with building and operating a SIEM in cloud (i.e. Splunk, Sentinel, etc.) or cloud-based security analytics for cloud security data search and analysis operations.
• Experience in securing cloud infrastructure (Azure,AWS) using native and 3rd party tools (e.g. Palo Alto Prisma, Azure Policy, Intune, Cloud Trail, AWS Config)
• Experience with network firewall configuration (e.g. Cisco, Palo Alto, Azure FW)
• Experience with web proxy solutions (e.g. Websense, Azure Global Connect)
• Experience designing and building defense-in-depth security monitoring to aid in detection, triage, analysis, and response
• Working with industry security and risks standards (e.g. FedRAMP Moderate, PCI DSS, SOC2, ISO 27001, CIS Benchmarks) for sensitive data protection

POSITION TYPE

Regular

PAY RANGE

The targeted base salary for this position is $120,700 to $180,900 per year. The final compensation will be determined by a number of factors such as qualifications, expertise, and the candidate’s geographical location.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

Green Dot promotes diversity and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Green Dot provides reasonable accommodations for candidates on request and respects applicants' privacy rights.

Green Dot Corporation (NYSE: GDOT) is a financial technology and registered bank holding company committed to transforming the way people and businesses manage and move money, and making financial wellbeing and empowerment more accessible for all.

Our proprietary technology enables faster, more efficient electronic payments and money management, powering intuitive and seamless ways for people to spend, send, control and save their money. Through our retail and direct bank, we offer a broad set of financial products to consumers and businesses including debit, prepaid, checking, credit and payroll cards, as well as robust money processing services, tax refunds, cash deposits and disbursements. Our Banking as a Service ("BaaS") platform enables a growing list of America's most prominent consumer and technology companies to design and deploy their own customized banking and money movement solutions for customers and partners in the US and internationally.

Founded in 1999 and headquartered in Austin, TX, our company has served more than 33 million customers directly, and now operates primarily as a "branchless bank" with more than 90,000 retail distribution locations nationwide. Green Dot Bank is a subsidiary of Green Dot Corporation and member of the FDIC.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

What We Do: We build simple, seamless and secure financial tools for our customers and powerful solutions that fuel engagement, trust and value for partners.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

Our Mission: We give you the power to bank seamlessly, affordably and with confidence.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

Our Purpose: Access should not be a privilege, and we envision a world where modern banking and money management are at everyone’s fingertips—where banking enhances the flow of life.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

Our Values: Stewardship, Trust, Action, High Performance, and Teamwork.