ABOUT TRUEBILL 🔮

Truebill is a YC-backed startup with offices in San Francisco and Washington, D.C. Our DC office is right on the Silver Spring metro! Hundreds of thousands of people use Truebill to manage their daily finances and take control of their money. We just recently announced our $17m Series C round of funding and are now looking to scale our all-star team!

With a mission to improve the financial health of everyday people, Truebill is transforming the way people manage their expenses and grow their net worth. Through helping people cancel unnecessary subscriptions, negotiating bills, and securing refunds, we save our members money while helping them regain control over their finances.

We're looking for a Security Lead to drive all things security here at Truebill. Our users put an enormous amount of trust in us and in exchange we take pride in our dedication to security, ensuring that we're doing everything we can to protect our users' data and money. In this role, you will be taking ownership of the evolution of Truebill's security program. You will ensure top-notch security that actually works, while keeping the company productive.

ABOUT YOU 🦄

  • You have experience building a security program at a tech company between 50 and 200 employees.
  • You are hands-on and can work independently. You do not rely on a large security or IT team to execute on the security program.
  • You are familiar with security best practices in AWS, and understand how to secure and monitor the necessary infrastructure to prevent and detect security issues.
  • You understand that most standard pen testing doesn't actually guarantee much security. Similarly, you understand that certifications, such as SOC 2, do not guarantee security.
  • You are able to prioritize the security roadmap by impact of a potential attack as well as likelihood of the attack.
  • You have experience rolling out an SSO solution such as Okta or Rippling.
  • Bonus: You have experience dealing with the security implications of storing sensitive financial information and money movement.

IN THIS ROLE, YOU WILL 🤹

  • Be the primary security specialist at the company, charged with securing our cloud infrastructure as well as our endpoint devices and SaaS services.
  • Make and own security policy to balance employee productivity and desired tooling, project feasibility, risk, cost, and other tradeoffs as appropriate.
  • Direct a small IT team (likely 1 person to start) to ensure employee requests are dealt with in a timely manner without compromising on security. (Most IT requests revolve around SaaS provisioning and RBAC.)
  • Create and run programs that ensure “table stakes” security such as patching, authentication, and proper tool selection are done correctly with a high degree of reliability, clear metrics, and are robust to failure.
  • Create threat models for all systems across the company, and use them to prioritize time based on risk impact.
  • Obtain and maintain any compliance-related certifications such as SOC 2 Type II, PCI, ISO 27001/27002, etc.
  • Maintain a clear mapping of where PII is stored, and monitor/restrict access to it as much as possible.
  • Triage and investigate all security reports. Execute the Incident Response Plan if/when an incident occurs.
  • Educate and train teams on security topics and skills.

WE OFFER 💫

  • Health, Dental & Vision Plans
  • Competitive Pay
  • Equity
  • Matching 401k
  • Unlimited PTO


Truebill, Inc. is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
