Staff Product Security Engineer

Affirm

Remote

Quick summary

Work type: Remote
Location: Remote
Salary: $225,000–$275,000 / yr
Posted: 49 days ago

Market check

Salary context

Above market

How this pay compares to similar roles

Similar $186k

This role $250k

$128k most similar roles pay here $291k

This role pays more than 91% of similar roles. Most pay $152,975–$220,000 — the shaded band above. At the midpoint, this role pays about $250k versus about $186k for comparable roles.

Based on 240 similar postings.

Employer

About Affirm

Affirm is a buy-now, pay-later (BNPL) financial technology company that offers point-of-sale installment loans to consumers, allowing them to split purchases into fixed monthly payments with transparent terms. Industry: Financial Technology & Consumer Lending

Affirm currently has 57 open roles on FindRole.

Listed pay typically runs $195,000–$255,000 across 57 roles with salary data.

Most-posted roles

View all roles at Affirm

At a glance

TL;DR · Staff Product Security Engineer

Apply Now Log in to save

As a Staff Product Security Engineer at Affirm, you will join a team dedicated to enhancing information security across all product development phases. Your role involves partnering with cross-functional teams to integrate security into the product lifecycle through threat modeling, architecture reviews, and code analysis. You will also automate processes, develop test cases, and advise on business security requirements early in projects. Ideal candidates have deep knowledge of web application design, experience with cloud services like AWS and Azure, and familiarity with modern software development practices. Additionally, you should understand common security flaws, threat modeling techniques, and continuous integration/deployment tools. This position requires a BS degree or equivalent experience, with an MS being advantageous.

Skills

Python Kotlin Java AWS Azure OWASP PCI SAML OAuth2 CI/CD Docker

What you'll do

Partner with product teams to integrate security throughout the development lifecycle.
Conduct threat modeling and architecture reviews to mitigate risks proactively.
Analyze source code to identify and address security vulnerabilities.
Develop automated processes for continuous security improvement.
Create security-focused test cases to enforce requirements early in projects.

What we're looking for

Deep understanding of web application architecture and design principles.
Experience with cloud-based services development using Python, Kotlin, Java, AWS, or Azure.
Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
Experience conducting threat models for complex, distributed products.
Understanding of continuous integration/continuous deployment processes and tools.