SanFranRecruiter Since 2001
the smart solution for San Francisco jobs

Security Engineer

Company: Column
Location: San Francisco
Posted on: February 10, 2024

Job Description:

About Column

For companies building financial technology and transforming the financial services space, the biggest bottleneck to their growth and innovation is often the underlying banks and infrastructure stack they rely on. We have spent our careers founding and scaling companies like Plaid, Square, SoFi, Blend, and Affirm, and have seen this problem firsthand - builders and developers needing to partner with traditional banks, and creating API and abstraction layers over the patchwork that is the bank, its core, and many other vendors. All of this results in a complex (and often expensive) banking supply chain involving a user, fintech, BaaS middleware provider, bank, core and the Federal Reserve.

At Column, we set out to simplify and fix this. We are a bank and a software company built from the ground up, offering builders and developers technology-forward banking solutions that cut out the hundreds of vendors, middleware providers, and abstraction layers. This means a safer, more transparent, and less costly banking supply chain. Come build with us!

The opportunity

The Security Engineer will leverage their experience with cloud-based services (e.g., major cloud providers, EDR, SIEM, identity providers, vulnerability scanners) to advance the maturity of the Bank's information security program. As a member of the engineering team, they will work with software engineers to ensure that the Bank's in-house applications and infrastructure are built securely and keep customer information safe from existing and emerging threats. They will work hands-on to optimize usage of the tools currently in place, and will deploy new solutions as needed to better support Bank operations. The Bank is driven by modern solutions and a methodical approach to secure design. The Security Engineer will play a key role in ensuring that systems are built according to sound security practices, and that all personnel clearly understand the importance of security at the bank.

This role is an in-person position, where you'll be expected to work out of our Presidio-based office in San Francisco 3+ days a week.

What you'll do

  • Triage and respond to security events and incidents, and act as the incident commander to coordinate cross-functional teams involved in the response process
  • Build out a comprehensive vulnerability and patch management process that is automated and produces centralized reports
  • Define technical standards and configure critical services related to cloud infrastructure (AWS), identity management, and endpoint protection
  • Respond to bug bounty reports submitted by security researchers, determine the actual impact to the bank, and work alongside other engineers to remediate issues
  • Utilize SIEM tooling to aggregate logging sources and write alerts that support the investigation of security threats
  • Perform secure design reviews, facilitate threat modeling, and provide input on systems other teams are building
  • Deploy monitoring and alerting for key security controls (SDLC/changes, intrusion detection, vulnerability management, data loss prevention)
  • Deploy and operationalize tools that deliver security functionality and improve the program

    What you'll need to be successful
    • Bachelor's degree in Computer Science, Information Technology, or related field
    • 6-10 years of experience in a technology governance, risk, and compliance related role
    • Fluency in a programming language, with the ability to write scripts and internal tool to automate information security controls
    • Knowledge of regulatory requirements and industry standards related to banking technology governance, risk, and compliance, such as NIST Cybersecurity Framework, ISO 27001, SOC 2, and FFIEC IT Examination Handbook
    • Strong analytical and problem-solving skills
    • Excellent writing and communication skills
    • Collaborative - willing and able to work effectively with both business and engineering stakeholders
    • Professional certifications related to technology GRC or cybersecurity, such as CISA, CRISC, or CISSP, are a plus

      What you'll get from us
      • Flexible PTO
      • Competitive medical, dental, and vision plans (including options 100% subsidized by Column)
      • FSA + HSA options
      • 401(k) plan
      • Commuter benefits
      • Sponsored lunches and dinners

        Pay transparency

        The annual base salary range for this position is $120,000 - $160,000, exclusive of equity compensation and benefits.

        The range provided may be inclusive of several career levels at Column, and will be narrowed during the interview process based on a number of factors including, but not limited to, the candidate's skill sets, experience, licensure and certifications, location, and other business and organizational needs.

        We look forward to hearing from you

        Column is committed to working with the best and brightest people from the broadest talent pool possible. We value bringing together a team with different perspectives, educational backgrounds, and life experiences, and believe a diversity of ideas is what allows us to develop the best solutions. All qualified individuals are encouraged to apply.

        If you need assistance or a reasonable accommodation during the application and recruiting process, please reach out to

        We participate in the E-Verify program in certain locations as required by law. Learn more about the E-Verify program here.

Keywords: Column, San Francisco , Security Engineer, Engineering , San Francisco, California

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest California jobs by following @recnetCA on Twitter!

San Francisco RSS job feeds