Full Job Description
Varo is on a mission to empower hard-working Americans to achieve greater financial resilience; arming them with the products and support they need to create healthy financial habits and reduce financial stress. Through its mobile app, Varo offers customers premium bank accounts that have no minimum balance requirement or monthly account fees, high-interest savings accounts, and solutions to build, repair, and access credit. Varo’s state of the art technology provides tech-first features to help people achieve their financial goals and manage their money more easily.
Varo is distinct from other fintechs: Varo is the first fintech to be granted preliminary approval for a de novo national bank charter by the Office of the Comptroller of the Currency (OCC), the first to receive approval from the FDIC for federal deposit insurance, and is weeks away from opening the first mobile-centric national bank in U.S. history. Our unique team combines the best of tech and banking, and we’re wildly passionate about keeping our customers happy by helping them manage and grow their money. Our teams are based in San Francisco and Salt Lake City. Privately held Varo has raised over $400M to date, from leading institutional investors and strategic partners including Warburg Pincus, The Rise Fund / TPG Growth, Gallatin Point Capital, Harbourvest Partners, Progressive Insurance, and iHeartMedia.
ABOUT THE SECURITY ENGINEERING TEAM
Varo’s Security Engineering team’s mission is to help the organization conduct business in a secure manner without hindering developer agility or product innovation. The team works hand-in-hand with engineers across the organization as we innovate in the banking industry. We practice the “DevSecOps” philosophy and build security automation early into the process of everyday engineering functions from software engineering, to cloud infrastructure, and IT.
ABOUT THE SECURITY OPERATIONS ENGINEER ROLE
The Security Operations Engineer is responsible for operating and maintaining the Security Engineering team’s Vulnerability management, Security Incident and Event Management (SIEM), Data Loss Prevention (DLP), Web Application Firewall (WAF), and Mobile Device Management (MDM) tools. Additionally, the SecOps Engineer will perform forensic recovery/support, incident event management, threat feed management, managed security service provider (MSSP) vendor management, and proactively monitor and defend our networks and applications. The Security Operations Engineer will also be responsible for building the SOC strategy and processes. This role will focus heavily on operational and strategic level tasks, and provide counsel and guidance to the wider engineering organization.
The ideal candidate is hands-on, articulate and focused, and can own projects, features and functionality; enjoys learning and mentoring others. We're looking for a world-class security operations engineer to help create a world class security operations environment.
WHAT YOU'LL DO
Formulate SOC strategy and processes.
Managed security service provider (MSSP) vendor management.
Monitoring security alerts through SIEM and other tools.
Monitor Web Application Firewall events and alerts.
Monitor DLP/Vulnerability tools for events and alerts.
Develop SIEM event correlation logic and alerting dashboards.
Triage security alerts and escalation handling.
Respond to security incidents, intervene, and escalate as necessary to protect company assets and our customers.
Conduct forensics and gather electronic evidence as necessary.
Conduct employee security awareness training.
Effectively recognize threats by performing relevant research and data analysis.
Recognize opportunities for addressing fraud issues, risks, and exposures.
Collaborate with cross-functional groups such as legal, product, marketing, and platform engineering to enhance processes.
Ability to work extended or non-traditional hours on occasion to support emergency situations.
SKILLS AND EXPERIENCES THAT'LL HELP YOU BE GREAT
B.S. or M.S. in Information Security, Computer Science, Information Systems or equivalent experiences and certifications (CISSP, CISM, CISA, or CRISC, GIAC)
Must have a minimum of 3-5 years of Devops, IT or Information Security with 3+ years in Information Security.
Competency in Linux/Windows administration.
Must have excellent project management and organizational skills.
Must be able to communicate clearly and concisely with internal and external parties.
Experience in network administration and understanding of DNS, firewalls, proxies, WAFs, SIEM, antivirus, and IDPS concepts.
Broad understanding of network security, cloud infrastructure security, and application security.
THE THREE SKILLS THAT MATTER MOST
Nobody can be great at everything, but we’re looking for candidates who are extraordinary at:
Managing SIEM tools, monitoring security alerts, and event correlation (ElasticSearch/Elastic SIEM)
Risk Monitoring, Incident Management, Vulnerability Management, and Forensic Investigation
Public cloud security (AWS/GCP/Azure AD)
OTHER NICE TO HAVES
Experience with Kubernetes, Helm, and Istio.
Experience with programming languages such as Python, PowerShell, Bash, Java, or Go.
At Varo, we are committed to living our values. We hope these resonate with you.
Customers First: Understand the problems our customers are trying to solve. Respond with a sense of urgency. Build relationships that result in loyalty. Be data and insights-driven. Test everything. Achieve results through strong execution. Build a product people love. Assess new initiatives with the customers’ interest in mind. Act with empathy.
Take Ownership: Bias towards action. Have high standards. Be accountable for the results of your work, our product, our company. Trust others to own it.
Respect: Bias towards action. Have high standards. Be accountable for the results of your work, our product, our company. Trust others to own it.
Stay Curious: Ask why. Dare to make things better. Learn something new each day (even from mistakes). Be open to growth. Develop creative solutions.
Make it Better: Think big. Set high goals. Work towards long term value rather than short term wins. Create change. Be resilient.
Varo is an equal opportunity employer. Varo embraces diversity and we are committed to building teams that represent a variety of backgrounds, perspectives, and skills. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.