Application Security Engineer
Who we are
M1 Finance has created a personal wealth-building platform made for the modern era, uniting personal perspective and automated ease. We seamlessly combine free investing, low cost borrowing and digital checking all in one intuitive, automated Finance Super App, and we’re driven by a mission to empower personal financial well-being. We believe that financial well-being is fundamental to overall well-being, and we strive to deliver products that are simpler, smarter, and stronger than those created by our staid, boring, entrenched, slow-moving competitors in the personal finance industry.
Our clients have already trusted us with over $4 billion of assets, we’re currently helping hundreds of thousands of people grow and manage their wealth with our industry-leading automation and tools, and we’re adding thousands of new clients every day.
We’re looking for passionate people who want to improve and build on what we’ve created and take responsibility to help others build something meaningful and sustainable for their futures.
We mean it when we say, “M1 is yours to build.”
If this sounds interesting to you, we’d love to have you read on.
What You'll Do
- Collaborate with team members across functional areas to design and architect software security solutions to support and enhance M1’s product.
- Create secure code champion functionality through the organization to help promote secure, clean and maintainable code that adheres to industry best practices
- Identify and execute on opportunities to improve existing systems
- Build bug bounty program
- Automate security initiatives
- Contribute product ideas to overall company growth
- Grow alongside an exciting, committed team of engineers who will always help you be your best
Skills/Qualifications
- Proficiency in a JVM language, such as Scala, Kotlin, or Java.
- Experience developing and deploying secure code solutions
- Experience with Kubernetes.
- Familiarity with modern authentication and authorization best practices and technologies.
- Familiarity with modern data security best practices.
- Commercial experience and strong focus on the security of web applications, APIs and mobile applications.
- Experience with OWASP, static/dynamic analysis, and common exploit tools and methods.
- Familiarity with cloud security controls and best practices. Able to work across teams to tackle complex issues
- Work with engineers to coach them on finding and fixing security bugs
- Can teach secure coding techniques and methods
- Proven track record of positively contributing to a collaborative team in a remote environment
- Entrepreneurial spirit, self-motivated, growth-minded
Our Values
Our team embodies our eight core principles and if these principles speak to you – we’d love to talk with you.
- Mission Driven: We will passionately apply ourselves to deliver immense value to our customers, knowing if they succeed, so too will the company.
- Extreme Ownership: We think and act like owners. Our focus is on building long-term value, not scoring short-term marks. We own everything in our domain, including the outcome and everything that affects it.
- Boldness: We want to do things of consequence. Make a difference. We would rather fail at something meaningful than succeed at something trivial.
- Bias for action: The best way to make progress is to act.
- Economical: Efficiency is important, and we consider both the costs and benefits of our actions.
- Team-oriented: In working together, we maintain a low ego, make everyone feel welcome, assume good intent, trust one another, and seek out different perspectives. We empower our teammates to be at their best.
- Challenged, but not overwhelmed: We are curious people who always want to grow. Growth happens outside our comfort zone. We achieve our potential through consistent, manageable growth.
- Integrity: We do the right thing. When we make mistakes, we own and correct them. We would be proud of our actions are shared with our family, friends, and strangers. Everyone can count on us to act according to our values, beliefs, and principles we state we hold. This trust must never be broken.
Our Perks
- Unlimited PTO
- Comprehensive health, dental, vision, disability, and life insurance
- Stock options for all employees
- Retirement benefit with employer match
- $500 to spend on home office equipment while working from home
- Stylish M1 swag
- Socially distant team outings, celebrations, and events
- Transparent and open communication
- Office in the Loop with a Game Room and Gym