Tally makes people less stressed and better off financially. We've built the first fully automated debt manager to help people overcome credit card debt.Currently at Series C with $92MM in funding and backing from top investors including Andreessen Horowitz and Kleiner Perkins, we are a team that is democratizing financial services to put billions of dollars back in people’s pockets. Tally’s vision is to automate people’s entire financial lives so they can worry about money less and do what they love more.
Are you driven to make a real-world impact while leveraging public cloud infrastructure, Kubernetes, and microservices? Are you excited to champion the importance of core infrastructure security, availability, and reliability to achieve operational excellence? If you answered yes to these questions, we would love to talk to you! We are looking for a Senior Application Security Engineer to join our Engineering Operations Team to help us accelerate our Tally engineers’ ability to automate people’s entire financial lives.
Our Engineering Operations Team oversees the core cloud and corporate infrastructure and builds developer productivity tools to ship products faster, securely, at the quality. Our team empowers Tally engineers to become more effective and productive through automation, tooling, and IT systems.
Core Technologies: Kubernetes, ELK, Prometheus, Datadog, Postgres RDS, Redis, Puppet, Terraform, Scala, SBT, CI/CD (Jenkins, Bamboo, Gitlab) and various AWS services such as EC2, RDS, EMR, ECS, Redshift, etc.
What you'll do:
- Design and implement software security toolchain to secure our applications in AWS and Corporate IT environments
- Conduct in-depth security reviews of applications, back-end services, and business integrations
- Automate security controls to reduce Tally’s attack surface, proactively seek out vulnerabilities and reduce response and recovery times
- Develop comprehensive logging, asset inventory, and data classification procedures.
- Collaborate with product, design, data, and engineering teams to define needs that leverage the next generation of industry-leading technologies
- Collaborate with internal and external stakeholders to drive central security incident response management processes for Tally’s incidents
- Be a champion for security and user privacy
What you'll bring:
- Experience in securing infrastructure and applications in any public cloud-based providers such as Amazon Web Services, Microsoft Azure, or Google Cloud Platform
- Working knowledge of network-based and system-level attacks and mitigation methods
- Experience with enterprise/open-source monitoring and logging systems (Prometheus, NewRelic/Datadog, Grafana, Splunk, Pagerduty, ELK, etc) to diagnose and remediate applications and infrastructure vulnerabilities
- Experience implementing security controls for information security compliance programs including SOC-II, CCPA, and PCI
- Experience with Service Oriented Architectures (SOA), Docker Containers and scheduling frameworks (e.g Kubernetes, Amazon ECS)
- Experience with implementing vulnerability scans for CI/CD pipelines built using tools suite (Jenkins, Bamboo, Gitlab, Spinnaker, Harness, CircleCI,..)
- Experience with securing distributed streaming, messages systems and datastores (Kafka, EMR, Postgres, DynamoDB)