ABOUT TRUEBILL 🔮
Truebill is a YC-backed startup with offices in San Francisco and Washington, D.C. Our DC office is right on the Silver Spring metro! Hundreds of thousands of people use Truebill to manage their daily finances and take control of their money. We recently announced our $17m Series C round of funding and are now looking to scale our all-star team!
With a mission to improve the financial health of everyday people, Truebill is transforming the way people manage their expenses and grow their net worth. Through helping people cancel unnecessary subscriptions, negotiating bills, and securing refunds, we save our members money while helping them regain control over their finances.
We're looking for a Security Lead to drive all things security here at Truebill. Our users put an enormous amount of trust in us and in exchange we take pride in our dedication to security, ensuring that we're doing everything we can to protect our users' data and money. In this role, you will be taking ownership of the evolution of Truebill's security program. You will ensure top-notch security that actually works, while keeping the company productive.
ABOUT YOU 🦄
- You have experience building a security program at a tech company between 50 and 200 employees.
- You are hands-on and can work independently. You do not rely on a large security or IT team to execute on the security program.
- You are familiar with security best practices in AWS, and understand how to secure and monitor the necessary infrastructure to prevent and detect security issues.
- You understand that a standard penetration test does not, by itself, guarantee much about a system's security. Similarly, you understand that certifications such as SOC 2 attest to process, not to the absence of vulnerabilities.
- You are able to prioritize the security roadmap by impact of a potential attack as well as likelihood of the attack.
- You have experience rolling out an SSO solution such as Okta or Rippling.
- Bonus: You have experience dealing with the security implications of storing sensitive financial information and money movement.
IN THIS ROLE, YOU WILL 🤹
- Be the primary security specialist at the company, charged with securing our cloud infrastructure as well as our endpoint devices and SaaS services.
- Make and own security policy to balance employee productivity and desired tooling, project feasibility, risk, cost, and other tradeoffs as appropriate.
- Direct a small IT team (likely 1 person to start) to ensure employee requests are dealt with in a timely manner without compromising on security. (Most IT requests revolve around SaaS provisioning and RBAC.)
- Create and run programs that ensure “table stakes” security such as patching, authentication, and proper tool selection are done correctly with a high degree of reliability, clear metrics, and are robust to failure.
- Create threat models for all systems across the company, and use them to prioritize your time by the impact and likelihood of the risks they surface.
- Obtain and maintain any compliance-related certifications such as SOC 2 Type II, PCI, ISO 27001/27002, etc.
- Maintain a clear mapping of where PII is stored, and monitor/restrict access to it as much as possible.
- Triage and investigate all security reports. Execute the Incident Response Plan if/when an incident occurs.
- Educate and train teams on security topics and skills.
WE OFFER 💫
- Health, Dental & Vision Plans
- Competitive Pay
- Matching 401k
- Unlimited PTO
Truebill, Inc. is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.