GRC Engineer - Cloud & Application Security
United States (Remote)
One’s mission is simple - to help customers achieve financial progress. We’re doing this by creating simple solutions to help our customers save, spend, borrow, and grow their money – all in one place.
The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.
What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.
There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!
The role
As a GRC Security Analyst, you will be instrumental in defining and implementing the overall strategy for One’s Information Security program, and will have opportunities to identify control gaps and lead initiatives to remediate such gaps.
You will be designing, overseeing and executing One’s information security risk management processes, including defining security standards and policies, performing internal and external security assessments, identifying and managing security risks, and supporting audits conducted by independent parties. You will focus on evaluating the security posture of our cloud infrastructure and application security designs, ensuring they comply with frameworks such as SOC 2 and PCI DSS. The ideal candidate will have a strong technical background in cloud security and application security architecture, as well as a deep understanding of AWS services, containerized environments, and modern application frameworks.
This role’s responsibilities include:
- Proactively evaluate the security configurations of One’s applications and AWS services, such as IAM, VPC, S3, EKS, RDS, and Lambda, based on best practices and One’s established security standards
- Determine detailed remediation plans and steps for security gaps, and work independently or in conjunction with stakeholders to resolve such gaps
- Define, publish, and maintain company-wide security standards and requirements based on industry best practices, evolving threat landscape, and new security-related regulations & frameworks
- Perform in-depth security assessments of third party hosted applications and systems, and provide security recommendations on the desired integration with such systems
- Collaborate with team members on performing security reviews on new product features, system architectures, and business processes
- Support …
Job Profile
Remote
Benefits/Perks
- Competitive cash benefits
- Early access to a high potential, high growth fintech
- Effective on day one
- Flat titling structure
- Flexible time off programs
- Generous stock option packages
- Office friendly
- Other available benefits
- Pay Transparency
- Remote Friendly
Tasks
- Perform security assessments
- Support audits
Analytical, Application Security, AWS, CI/CD, Cloud Security, Communication, Compliance, Compliance requirements, Containerization, Docker, EKS, Engineering, Fintech, GRC, HITRUST, IAM, Infrastructure, Kubernetes, Lambda, NIST, PCI DSS, Problem-solving, Product Management, RDS, Risk Management, S3, Security, Security standards, SOC 2, VPC
Experience: 5 years
Timezones: America/Anchorage, America/Chicago, America/Denver, America/Los_Angeles, America/New_York, Pacific/Honolulu, UTC-10, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9