Senior Offensive Security Engineer

About the role

We are seeking a Senior Security Engineer to build and lead our Offensive Security program. In this role, you will attack Chime's services, applications, and infrastructure to discover security issues and report them to our internal technology teams. This position will offer you the opportunity to grow your technical and leadership skills while being part of a collaborative and dynamic team that finds joy in problem-solving and innovating together at Chime.

The ideal candidate will be an offensive cybersecurity professional with a passion for analyzing codebases, testing hypotheses, and designing tools to impact web applications and their infrastructure. This Engineer will work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Chime. You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Chime is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Chime to find new ways to break services, processes, and infrastructure throughout the company.

We're a small, dedicated team that's always thinking of innovative ways to tackle challenging security problems. We take on ambitious projects that have a significant impact on our members and help build a strong security culture within our company. The team encourages discussing the problems we are solving, the methods we use, and celebrating our accomplishments through public blogs and at conferences. If these resonate with the way you work, we'd love to hear from you.

The base salary offered for this role and level of experience will begin at $181,000 and up to $250,000. Full-time employees are also eligible for a bonus, competitive equity package, and benefits. The actual base salary offered may be higher, depending on your location, skills, qualifications, and experience.
In this role, you can expect to

• Independently manage complete red team exercises.
• Partner with Engineering, Product, IT, and other business functions to drive security improvement across the organization
• Research emerging attack vectors, vulnerabilities and techniques
• Utilize your offensive skills to identify weaknesses and build defenses against those who may point their attacks at Chime
• Develop custom payloads and exploits
• Emulate adversaries like cybercriminals and insider threats by attacking web applications, cloud platforms and supporting services(Kubernetes / Container Orchestration platforms etc.)
• Collaborate closely with detection engineers to build high fidelity alerting based on emerging attack vectors and tactics, techniques and procedures
• Participate in purple-team exercises to mature the security program

To thrive in this role, you have

• 4+ years of combined experience in either an offensive security, red teaming, or application security role.
• Experience in conducting surreptitious cloud based attacks
• Experience with developing custom tools and payloads which bypass defensive products, and remain undetected in a mature network environment
• Ability to perform unsupervised red team engagements and experience with performing adversarial simulation
• Ability to explain vulnerabilities and weaknesses to non-technical stakeholders
• (Nice to have) Relevant certifications: OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert) and OSEE (Offensive Security Exploitation Expert), Certified Red Team Operator (CRTO), GIAC Red Team Professional certification (GRTP)

#LI-Hybrid #LI-JL1

A little about us

At Chime, we believe that everyone can achieve financial progress. We created Chime-a financial technology company, not a bank*-on the premise that core banking services should be helpful, easy, and free. Through our user-friendly tools and intuitive platforms, we empower our members to take control of their finances and work towards their goals. Whether it's starting a savings account, purchasing a first car or home, launching a business, or pursuing higher education, we're proud to have helped millions unlock their financial potential.

We're a team of problem solvers, dreamers, and builders with one shared obsession: our members. From day one, Chimers have worked tirelessly to out-hustle and out-execute competitors to bring our mission to life. Their grit and determination inspire us to work harder every day to deliver the very best experience possible. We each bring an owner's mindset to our work, refusing to be outdone and holding ourselves accountable to meet and exceed the highest bars for our teams, our company, and our members.

We believe in being bold, dreaming big, and taking risks, while also working together, embracing our diverse perspectives, and giving each other honest feedback. Our culture remains deeply entrepreneurial, encouraging every Chimer to see themselves as stewards of our mission to help everyday Americans unlock their financial progress.


We know that to achieve our mission, we must earn and keep people's trust-so we hold ourselves to the highest standards of integrity in everything we do. These aren't just words on a wall-our values are embedded in every aspect of our business, serving as a north star that guides us as we work to help millions achieve their financial potential.

Because if we don't-who will?

*Chime is a financial technology company, not a bank. Banking services provided by The Bancorp Bank, N.A. or Stride Bank, N.A., Members FDIC.
What we offer for our full-time, regular employees

• Our in-office work policy is designed to keep you connected - with four days a week in the office and Fridays from home for those near one of our offices, plus team and company-wide events depending on location. Whether you're coming in regularly or are part of our fully remote program, you'll stay engaged with your work and teammates.
• In-office perks including backup child, elder, and/or pet care, plus a subsidized commuter benefit to support your regular commute
• Competitive salary based on experience
• 401k match plus great medical, dental, vision, life, and disability benefits
• Generous vacation policy and company-wide Chime Days, bonus company-wide paid days off
• 1% of your time off to support local community organizations of your choice
• Annual wellness stipend to use towards eligible wellness related expenses
• Up to 24 weeks of paid parental leave for birthing parents and 12 weeks of paid parental leave for non-birthing parents
• Access to Maven, a family planning tool, with $15k lifetime reimbursement for egg freezing, fertility treatments, adoption, and more.
• In-person and virtual events to connect with your fellow Chimers-think cooking classes, guided meditations, music festivals, mixology classes, paint nights, etc., and delicious snack boxes, too!
• ♥ A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help millions unlock financial progress

We know that great work can't be done without a diverse team and inclusive environment. That's why we specifically look for individuals of varying strengths, skills, backgrounds, and ideas to join our team. We believe this gives us a competitive advantage to better serve our members and helps us all grow as Chimers and individuals.

Chime is proud to be an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, genetic information, veteran status, or any other legally protected basis under provincial, federal, state, and local laws, regulations, or ordinances. We will also consider qualified applicants with criminal histories in a manner consistent with the requirements of state and local laws, including the San Francisco Fair Chance Ordinance, Cook County Ordinance, NYC Fair Chance Act, and the LA City Fair Chance Ordinance, and consistent with Canadian provincial and federal laws. If you have a disability or special need that requires accommodation during any stage of the application process, please contact: View email address on click.appcast.io.

To learn more about how Chime collects and uses your personal information during the application process, please see the Chime Applicant Privacy Notice.