Offensive Security Engineer

Klarna, Columbus, OH 43216

Posted 2 months ago

Klarna makes shopping smoooth. And we do it with flair because shopping is fun. Every day, we help customers, businesses, and partners explore just how smoooth the modern shopping experience can be.

It means we're constantly changing the game. Always trying out new things. And we encourage our people to do the same. To grow. To develop. Because we don't believe roles have to stay fixed. Instead we inspire our people to take an irregular career path. As a company of 350 dynamic start-ups, our whole business is built for it. So once you're in, there's no telling what will happen next.

Engineering at Klarna is an inspired, customer focused community, dedicated to crafting solutions that redefine our industry. Working in small, highly collaborative Agile teams, you and your team will have a clear mission and ownership of an important outcome that supports Klarna and our customers. At Klarna we optimise for quality, flow, fast feedback, focussing on end-to-end ownership, continuous improvement, testing, monitoring and experimentation. We aim for teams that are inclusive, helpful, and have a strong sense of ownership for the things they build.

Our engineers make some of the most significant decisions for the company and we are looking for bold, open and curious developers. As a Klarnaut, you'll be inspired to contribute to the growth of Europe's most highly valued fintech and your work will reach millions of users.

Want to be part of the change? We're expanding several of our engineering teams, including teams working on our core checkout product, payment services, fraud prevention, or improving our billing service and shipping credentials, to name a few.

You are a hacker. You love breaking stuff. You are also an engineer. We want to give you the freedom to work across the offensive space where it provides the most value.

What you'll get to do

  • Break all the things.

  • Conduct white-box and black-box penetration testing against internal and public-facing applications and assets.

  • Manage, triage, and investigate Bug Bounty submissions and external pentest findings.

  • Perform variant analysis on issues discovered through all channels.

  • Research and perform security analyses on Klarna's 3rd-party solutions.

  • Develop tooling to support reconnaissance, automation, and metrics collection.

  • Provide expert guidance to developers, other product security teams, and the SOC in investigating issues.

  • Spread awareness of offensive security practices via demos, workshops and training.

  • Assess the security of our tech stack through whatever means are best suited.

  • Define what we focus on to provide the most value.

  • Help further mature Klarna's security program.

Some of the technologies you'll get to work with

  • Python or Node.js
  • AWS

We also believe in contributing back to the open-source community. You can find some of our work here https://github.com/klarna.

To succeed in this role, we think you should have/be

  • Strong experience with penetration testing and other technical security assessments.

  • Experience identifying security issues in code, particularly within Java and Node.js.

  • Experience with cloud environments, particularly AWS and modern micro-service design principles.

  • Comfortable communicating findings clearly and effectively, with concrete remediation recommendations beyond simple issue reporting.

  • Comfortable scripting and contributing to larger projects in Python.

  • Able to take initiative and be comfortable taking on projects that contribute to the larger security culture and posture at Klarna.

  • Industry-recognised certifications, e.g. OSCP, OSWE, CREST, GIAC, AWS, et al.

  • CTF Participation and active contributions to the cybersecurity community.

What we can offer you

  • Culture: You'll have an opportunity to work with talented people from 90+ different countries in our brand new English-speaking offices.
  • Learning: We have a learning and development focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks, as well as a generous training budget.
  • Compensation: You'll receive an attractive salary, pension, and insurance plans, plus we offer all of our employees an opportunity to invest in an RSU program and own a stake of the company. You'll also receive 30 days annual leave and since we recognise that life is about more than work, we also offer benefits for gym memberships and discounted lunch through Smunch. We also support our working parents, so you don't have to choose between work and family.

How to apply: please send us your CV or LinkedIn profile in English.

We know diverse teams are strong teams, so we welcome those with alternative identities, backgrounds, and experiences. Our teams include women, men, mothers, fathers, the self-taught, the college-educated, and people from all over the world.

About Klarna

Klarna was founded in Stockholm, Sweden in 2005. Since then, we've changed the banking industry forever. And now we're creating the world's smooothest shopping experience. We serve 80 million consumers worldwide, and partner with 190,000 merchants, including some of the world's leading brands, such as H&M, ASOS, IKEA, Adidas, Samsung and Lufthansa, with a new merchant joining us every 8 minutes. Our offices are spread over 18 different markets, hosted by +3000 people from 90 nationalities.
