AppSec Jobs
← Back to all jobs

Plaid

Senior Product Security Engineer

New York City Metropolitan AreaPosted 2 weeks ago$204,156.00 - $281,196.00 per yearWebsite
Apply on LinkedIn →

At a Glance

KubernetesDockerPen TestingThreat ModelingSASTDAST

About This Role

The mission of Plaid's Product Security Team is "Improve our customer's trust by assuring secure development and delivery of products and services, minimizing risk to the ecosystem, and preventing security incidents." The Product Security team is responsible for managing the security processes, policies and controls to secure Plaid's developer and consumer facing products. The product security team is focused on areas like Application Security, Vulnerability Management, Secure Development Lifecycle, Penetration Testing and Cloud Security. As an Experienced Product Security Engineer at Plaid, you'll be a trusted advisor, collaborating closely with engineering and product teams to ensure security is a cornerstone of every product. You'll partner with leadership to shape product strategy, advocate for strong security controls, and influence future product iterations. By leveraging your deep industry knowledge, you'll lead the charge in implementing secure architecture and design principles, ensuring early detection and prevention of vulnerabilities. Your expertise in security assessments and penetration testing will help identify and mitigate potential threats, while your mentorship and training efforts will foster a security-conscious culture. By owning specific areas of Plaid's product portfolio, you'll provide expert guidance and minimize risks, ultimately strengthening Plaid's security posture.

Responsibilities

  • Collaborate with engineering and product teams to integrate security into the product lifecycle, from inception to deployment, ensuring that security is a core consideration in all design and development decisions.
  • Conduct Threat Modeling and Risk Assessments from the early stages of the product development lifecycle to identify, assess, and prioritize security risks, enabling proactive mitigation strategies.
  • Perform rigorous security testing and reviews for new features being built in the assigned area to uncover and address security weaknesses.
  • Lead incident response efforts, investigate root causes, and implement corrective actions to minimize impact and prevent future occurrences.
  • Foster a Security-Conscious Culture by educating and empowering engineering and product teams through training, awareness campaigns, and mentorship, cultivating a strong security mindset.

Requirements

SASTDASTBurp SuiteDockerKubernetes
  • 5+ years of proven experience in product and application security concepts, including API, web, and mobile app security.
  • Ability to communicate complex security concepts to technical and non-technical audiences, including senior leadership.
  • Expertise in conducting comprehensive threat modeling and risk assessments to identify and mitigate vulnerabilities.
  • Proficiency in secure SDLC practices, application security testing tools (SAST, DAST, Burp Suite), container security (Docker, Kubernetes), and cloud security.
  • Proven ability to thrive in fast-paced environments and excel in ambiguous situations.
  • Knowledge and experience in securing AI/ML based products (nice to have).
  • Experience with the risk management associated with financial technology companies (nice to have).
  • Experience with red teaming or penetration testing (nice to have).

Benefits & Perks

Comprehensive benefit plan, including medical, dental, and vision coverage.
401(k) retirement plan.
Additional compensation in the form(s) of equity and/or commission dependent on the position offered.

About Plaid

Plaid is a prominent fintech company founded in 2013, specializing in creating secure connections between financial applications, banks, and users' accounts. It supports over 12,000 applications and connects to approximately 10,000 banks globally. Plaid's mission is to democratize financial services through technology, acting as a secure intermediary for data transfer. The platform serves half of U.S. adults and has a valuation of around $13.4 billion. Plaid's flagship product, Plaid Link, offers a developer-friendly API for seamless onboarding, enabling apps to access banking data without direct bank integrations. The company provides various services, including secure bank payments, fraud prevention, personal finance insights, and compliance solutions. Its offerings are designed to enhance user experience and improve financial services through a growing network of connections. Notable applications powered by Plaid include Venmo, Robinhood, and Coinbase, among others, supporting a diverse ecosystem for consumers and businesses alike.

Industry

information technology & services

Employees

1,300

401 engineers

Revenue

$575M

Website

Visit →

Security at Plaid

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Plaid's AppSec philosophy centers on improving customer trust through the secure development and delivery of products.
  • They emphasize a 'shift left' approach, aiming to make the secure path the easiest path for engineers by automating vulnerability detection and remediation workflows within the CI/CD pipeline to reduce operational toil.

Security Team

  • The Product Security team at Plaid is responsible for managing security processes, policies, and controls for both developer and consumer-facing products.
  • The team is led globally by Nitin Chauhan.
  • Current recruitment efforts indicate a focus on Senior Product Security Engineers and Software Engineers specialized in Product Security.

Key Initiatives

  • Active initiatives include the development of 'paved roads' for developers to integrate security controls by default and the maintenance of a vulnerability management orchestration service.
  • Operational workflows include threat modeling and risk assessments at early development stages, rigorous security testing for new features, and a public bug bounty program with defined SLAs (48-hour response, 5-day triage).

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.

Interested in this role?

Apply on LinkedIn