About Us

Venmo was founded on the principles of breaking down the intimidating barriers around financial transactions to make them intuitive, friendly, and even fun. And it worked: people love sending money with Venmo, and we’re growing by leaps and bounds!

But we’re only just getting started. We want to take that magic of sending money with Venmo and cascade it into every place where people use money. That means connecting people to their money in the most intuitive and fun way possible, then connecting people with each other. Users already love Venmo, but we know there are lots of things we haven’t thought of to make the experience of using Venmo even more delightful and valuable. All that’s going to take a lot of figuring out. Let’s figure it out together!

Information Security at Venmo

We are seeking an intelligent, motivated, and experienced security manager to join Venmo’s Information Security team. Our ideal candidate is excited with the opportunity to innovate on the cutting edge of secure mobile and cloud services through deep technical security knowledge and a solid work ethic. In this role, you will report directly to the Head of Business Unit Information Security at PayPal and be our representative to other business units as a subject matter expert on all things relating to information security at Venmo. This position is a technical managerial position, in which the ideal candidate will be able to function from not only a people, process, and planning perspective but also be a key contributor to security architecture and technology decisions. This role will also hold the responsibility of being the key director of all information security related projects and compliance decisions for Venmo. As the manager of Information Security you will be looked to as a leader in defining, communicating, planning, and executing on all company and business unit goals in the security and compliance space.

Manager of Information Security

A typical day might include working with your team in identifying a potential application vulnerability, building and responding to security alerts, or working with our Product and technical teams to design a new platform feature securely. You will be managing the direction of our growing suite of advanced tools and identifying opportunities for improvements in our mobile and cloud platform as well as the cross-functional team that supports them.
If you are up to the challenge and want to join our front line make moving money simple, please contact us immediately.

What You’ll Do

• Drive application and network security activities for all facets of Venmo
• Manage a team of highly skilled security and platform engineers in a devops model
• Evaluate, design, deploy, support, and monitor information security systems
• Identify security exposures and develop mitigation plans
• Build and execute on project roadmaps
• Work with the technical operations team to implement information security solutions
• Plan and run security awareness exercises and teach secure behavior and methods
• Lead and manage security incident response activities and forensic investigations
• Lead the implementation of best-practice security procedures, standards, and guidelines
• Support Venmo in developing and maturing their own application security program
• Lead compliance activates such as external audits from customers, regulatory compliance projects, and overall information security reviews
• Support integration with the PayPal Information Security and be central point of contact
• Engage in cross business unit Security teams as the lead representative for Venmo

What We’re Looking For

• Minimum 8 years of on the job information security experience
• Minimum 5 years managing technical teams
• Experience working with and managing application security programs in an agile environment
• Bachelor’s degree in Computer Science/Engineering/Information Security or equivalent work experience
• Experience with financial industry security governance, including PCI DSS, SOC2 and state regulations
• Self-starter, able to work with a mix of technical and non-technical clients
• Strong documentation skills are a must
• Ability to perform technical risk assessments, triage security-testing results and manage security response actions.
• Ability to manage a team of engineers to drive completion of projects and initiatives
• Demonstrable expertise in:
  • Linux / Windows / workstation / mobile device security hardening
  • Understanding Cloud Security best practices
  • External Regulatory compliance efforts, specifically PCI DSS
  • Secure Development Lifecycle practices and methods
  • Technical monitoring, troubleshooting, impact determination, and problem solving
  • Vulnerability and penetration testing
• Experience researching, implementing and administration of security infrastructure
  • Application vulnerability and Web Application protection solutions
  • Cloud based IaaS/PaaS knowledge and understanding (AWS/Azure/GCP)
  • Intrusion protection, firewalls, and SIEM tools
  • File integrity monitoring, data loss prevention, and network access control
  • Event log aggregation and analysis

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.