DriveWealth, the pioneer of fractional equities trading and embedded investing, is a visionary technology company that empowers more than 100 partners around the world to engage their customers by placing the markets in the palm of their hand. We believe the future is fractional, transactional and mobile. Every mobile device should be a gateway to accessing investing and savings products, services, advice, and assistance for global citizens of all ages, wealth stages, and levels of financial expertise. DriveWealth’s unparalleled consultative support and cloud-based, industrial strength technology platform allow partners to seamlessly offer branded investing experiences to drive customer acquisition, loyalty, retention, and revenue growth. DriveWealth’s commitment to continuous evolution and innovation makes it the partner of choice for powering the future of investing.
Recently completing a Series D raise, DriveWealth’s mission is to democratize investing globally by working with partners to invent new ways to use its API-based technology to provide emerging investors with cutting-edge embedded experiences, offer first-time access to U.S. markets, and the ability to begin investing with as little as $1. DriveWealth is committed to empowering consumers around the world to become owners by delivering the most modern brokerage infrastructure, unparalleled industry expertise, and a culture of continued evolution.
- Lead and support application security reviews and threat modeling, including code review and dynamic testing.
- Own and perform application security vulnerability management.
- Facilitate and support the preparation of security releases.
- Support and consult with product and development teams in the area of application security.
- Engineer development lifecycle process workflows for automated security testing and assure that secure coding best practices are being used.
- Support and evolve the bug bounty program.
- Lead both critical and regular security releases.
- Lead in development of automated security testing to validate that secure coding best practices are being used.
- Guide and advise product development teams as a SME in the area of application security.
- Development or scripting experience and skills in Java and Python.
- Hands-on experience with JDBC, java, networking, Kafka, and Docker containers.
- Familiarity with Docker and best practices with Docker security, both in public clouds and on premises registries.
- Experience with OWASP, static/dynamic analysis, and common security tools.
- A basic understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, protocols).
- Familiarity with cloud & colo security controls and best practices.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Develop security training and socialize the material with internal development teams.
- Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
- Strong understanding and experience with common security libraries, security controls, and common security flaws.
- Be a subject matter expert (SME) of at least 1 technical area impacting the security of the product.
- Strong experience working closely with developers.
- Self-driven individual that is capable of looking at a set of code changes, and determine what needs to be verified.
- Insurance – Health, Dental, Vision, Life, Legal. HSA and FSA options.
- 401k plan
- Equity Stock Options
- Flexible working hours and work from home
- Paid time off and holidays
- Reimbursement for continuing education and conferences
- Snacks and beverages available in the office
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
TO ALL AGENCIES: Please, no phone calls or emails to any employee of DriveWealth outside of the Talent organization. DriveWealth’s policy is to only accept resumes from agencies via Greenhouse (ATS). Agencies must have a valid services agreement executed and must have been assigned by the Talent team to a specific requisition. Any resume submitted outside of this process will be deemed the sole property of DriveWealth. In the event a candidate submitted outside of this policy is hired, no fee or payment will be paid.