Staff Product Security Operations Engineer (Incident Response Lead)
Returnly
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm recognizes that security is essential to the company’s ongoing success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Operations (Sec Ops) program is the foundation of both preventive and responsive security practices to protect Affirm’s assets from an adverse security event.
As a member of the Security Team at Affirm, you will be joining a team of fun, passionate and highly skilled individuals who like solving security challenges and enjoy learning new skills. We partner together with a team first mindset and are keen on redefining security in the fintech space.
We're seeking a Staff Sec Ops Engineer to lead the Incident Response pillar, driving remediation and response efforts company-wide. In this role, you will act as incident Commander during security incidents, leading the team to resolution in high-pressure situations including making decisions in ambiguous situations. You'll also contribute to maturing other programs within the Sec Ops team, such as logging & detection, in our engineering-driven cloud infrastructure environment.
This is an extremely cross-functional and collaborative role that will span multiple functions across the company. You will get to partner with internal Security teams (such as Platform Security, Corporate Security) as well as other external teams (such as Infrastructure, Observability, Privacy/Compliance) to create and improve security operations capabilities. You'll work with these teams to tackle complex security problems and design solutions that align with our broader organizational goals. Your impact will not only be within the company but also in improving the trust and security of millions of customers.
What You'll Do
- Lead security incident response efforts driving detection & response across the organization through all phases of an incident from identification to post-incident retrospective.
- Serve as incident commander in large scale security incidents driving action oriented containment & remediation results.
- Be the senior escalation point for the team when needed assisting with investigations and incidents (this is a very hands on role).
- Balance both tactical & strategic thinking in high pressure situations using facts & clear communications to lead the response team to next steps.
- Provide briefings, status updates, and advice to a variety of audiences, including technical and executive leadership teams during incidents.
- Lead developing and maturing security incident response playbooks and processes.
- Contribute to engineering projects which build, maintain and improve our current monitoring, detection & response programs.
- Contribute to our detection program by creating advanced detections based on frameworks such as MITRE ATT&CK.
- Collaborate with cross functional teams across Affirm and lead key security projects.
- Lead incident response training, road shows, and learning sessions across both engineering and non-engineering teams.
- We highly encourage and support external engagement, publications, presentations with the security community as well.
What We Look For
- A seasoned Detection and Response Engineer with experience leading investigations and incidents including containment actions and forensics when needed in an engineering focused cloud heavy environment (AWS, EKS experience strongly preferred).
- 7+ years of experience with Detection and Response engineering with a significant focus on leading incidents and crises.
- Ability to handle high pressure, complex situations in a calm and thoughtful manner, and when needed be the voice of reason and calm across the incident group.
- Strong ability to analyze, parse and correlate information against data from multiple sources and when needed engineer solutions to do the same.
- Strong communication skills with the ability to switch communication styles when needed between technical and non-technical audiences.
- Demonstrated experience in common Sec Ops tooling including but not limited to: Elastic, Splunk, Hive, Crowdstrike Falcon or similar.
- Experience in creating automations to improve IR program workflows and capabilities (Python preferred)
- Experience with developing & supporting native data ingestion and data normalization integrations.
- Ability to lead large projects and work with cross functional stakeholders throughout the organization.
- Ability to partner with Legal & Compliance teams for relevant incident reporting requirements across regulatory bodies.
- Experience in building actionable threat intelligence & hunting programs is always a bonus!
- This position requires either equivalent practical experience or a Bachelor’s degree in a related field
Pay Grade - P
Equity Grade - 13
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.
Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)
USA base pay range (CA, WA, NY, NJ, CT) per year: $225,000 - $275,000
USA base pay range (all other U.S. states) per year: $200,000 - $250,000
#LI-Remote
Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.
We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include:
- Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
- Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
- Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
- ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.
By clicking "Submit Application," you acknowledge that you have read the Affirm Employment Privacy Policy for applicants within the United States, the EU Employee Notice Regarding Use of Personal Data (Poland) for applicants applying from Poland, the EU Employee Notice Regarding Use of Personal Data (Spain) for applicants applying from Spain, or the Affirm U.K. Limited Employee Notice Regarding Use of Personal Data for applicants applying from the United Kingdom, and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.