Senior Staff Product Security Engineer at Greenlight

Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family’s future. Kids and teens learn to earn, save, spend wisely, and invest.    At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It’s no small task, and that’s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it. We are seeking a seasoned and highly accomplished Senior Staff Product Security Engineer to join our security leadership team. This is a senior individual contributor role that carries significant organizational influence. You will define the technical vision for product security at Greenlight and set the standard for how we build and ship secure software. The ideal candidate brings deep, hands-on expertise paired with the strategic mindset to drive large-scale security initiatives from concept to production. You will operate across the full breadth of our engineering organization, embedding security into every layer of our SDLC, shaping architecture decisions, and building the programs and processes that protect millions of families who trust us with their financial, location and personal data. This role reports to the VP, Security GRC & Trust. Technologies we use: • Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI • AWS, GCP • MySQL, DynamoDB, Redis • Kubernetes, Ambassador, Helm, Rancher Your day-to-day: • Define and lead the long-term product security strategy, roadmap, and vision in alignment with company goals, risk appetite, and regulatory requirements. • Serve as the internal authority on application and product security, providing expert guidance to engineering, product, and executive leadership. • Drive a company-wide culture of security ownership embedding security thinking deeply into the habits of every engineering team. • Architect and continuously evolve a best-in-class Product Security program, spanning threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security. • Lead the design and enforcement of secure development standards across web, mobile, and cloud including secure coding guidelines, IaC policies, and API security frameworks. • Identify and drive resolution of systemic, high-impact vulnerabilities and architectural security gaps across Greenlight's platform. • Lead and mature Greenlight's penetration testing program, both through internal efforts and external vendor partnerships. • Partner with engineering and platform teams to build security-enhancing product features that protect our customers' financial data. • Establish and lead incident response processes for product-level security events, including root cause analysis and systemic remediation. • Evaluate and introduce emerging security tooling, techniques, and frameworks to keep Greenlight ahead of the threat landscape. • Mentor staff and senior engineers across the security and engineering organizations, raising the overall security engineering capability of the company. What you’ll bring to the team: • 12+ years of experience in product security, application security, or a related engineering discipline. • Proven track record of defining and driving security programs at scale across complex, multi-platform environments. • Hands-on experience architecting and implementing security solutions and processes in production environments, enabling engineering teams to build and ship securely at scale. • Expert-level knowledge of web and mobile application security, including OWASP Top 10, API security, and mobile threat vectors (iOS and Android). • Deep hands-on experience with the full AppSec toolchain: SAST, DAST, IAST, SCA, secrets scanning, and runtime protection. • Strong command of cloud security architecture and controls, particularly in AWS environments. • Experience leading or heavily influencing the security architecture of distributed, microservices-based systems. • Experience in developing and implementing security solutions • Demonstrated ability to build strong cross-functional relationships and influence engineering culture without direct authority. • Exceptional communication skills — you can distill complex security risk into clear, actionable language for engineers, executives, and non-technical stakeholders alike. • Experience operating in regulated industries (e.g. financial services, fintech, healthcare). • Plus: Hands-on certifications such as OSCP, GWAPT, GPEN, CISSP, or equivalent — and/or public code/research. Share your GitHub or any public security work with us! • Plus: Experience building or scaling Product Security programs in high-growth startup environments. • Plus: Familiarity with security tools including Burp Suite, or Kali Linux. Work perks at Greenlight: • Medical, dental, vision, and HSA match • Paid life insurance, AD&D, and disability benefits • Traditional 401k with company match • Unlimited PTO • Paid company holidays and pop-up bonus holidays • Professional development stipends • Mental health resources • 1:1 financial planners • Fertility healthcare • 100% paid parental and caregiving leave, plus cleaning service and meals during your leave • Flexible WFH, both remote and in-office opportunities • Fully stocked kitchen, catered lunches, and occasional in-office happy hours • Employee resource groups Our stance on salaries: Greenlight provides a competitive compensation package with a market-based approach to pay and will vary depending on your location, experience and skill set. The total compensation package for this position will also include a discretionary performance bonus, equity rewards, medical benefits, 401K match, and more. Greenlight conducts continuous compensation evaluations across departments and geographies to ensure we are keeping our pay current and competitive.   The estimated base pay range for this position in (NY, CA, WA): $180,000-240,000 The estimated base pay range for this position in (CO): $180,000-220,000 Who we are: It takes a special team to aim for a never-been-done-before mission like ours. We’re looking for people who love working together because they know it makes us stronger, people who look to others and ask, “How can I help?” and then “How can we make this even better?” If you’re ready to roll up your sleeves and help create a world where every child grows up to be happy and healthy in money and life, apply to join our team.    Greenlight is an equal opportunity employer and will not discriminate against any employee or applicant based on age, race, color, national origin, gender, gender identity or expression, sexual orientation, religion, physical or mental disability, medical condition (including pregnancy, childbirth, or a medical condition related to pregnancy or childbirth), genetic information, marital status, veteran status, or any other characteristic protected by federal, state or local law.   Greenlight is committed to an inclusive work environment and interview experience. If you require reasonable accommodations to participate in our hiring process, please reach out to your recruiter directly or email [Upgrade to PRO to see contact].