Senior Product Security Engineer

About EarnIn

As one of the first pioneers of earned wage access, our passion at EarnIn is building products that deliver real-time financial flexibility for those with the unique needs of living paycheck to paycheck. Our community members access their earnings as they earn them, with options to spend, save, and grow their money without mandatory fees, interest rates, or credit checks.

We’re fortunate to have an incredibly experienced leadership team, combined with world-class funding partners like A16Z, Matrix Partners, DST, Ribbit Capital, and a very healthy core business with a tremendous runway. We’re growing fast and are excited to continue bringing world-class talent onboard to help shape the next chapter of our growth journey.

POSITION SUMMARY

 As a Senior Product Security Engineer at EarnIn, you will strengthen the security of our products by leading the vulnerability management program, driving remediation efforts, and guiding teams with secure development practices. You’ll conduct architecture reviews, lead threat modeling, and support our bug bounty program, while staying ahead of the evolving vulnerability landscape. Through practical guidance, documentation, and training, you’ll help EarnIn deliver innovative financial products that are secure, resilient, and trusted.

This full-time position is open to candidates in remote US markets. The salary range for this position is $186,300 - $227,700, plus equity and benefits. Our salary ranges are determined by role, level, and location.

WHAT YOU'LL DO

• Lead and evolve the vulnerability management program: define short- and long-term goals, establish processes, and build and maintain metrics and reporting.
• Manage day-to-day program operations: triage findings, file and track tickets, respond to questions, evaluate solutions, and drive remediation progress.
• Partner with engineering teams to review security weaknesses, balancing risk, technical constraints, and business impact, while providing authoritative secure development guidance to ensure solutions are practical and effective.
• Lead security architecture reviews and guide engineering teams and security champions in completing threat modeling exercises.
• Support the bug bounty program, including triage of submissions, coordination with researchers, and integration into the vulnerability management workflow.
• Stay current on the evolving vulnerability landscape, including new classes of application, dependency, and infrastructure issues.
• Contribute to security best practices, guidelines, documentation, and training.

WHAT WE'RE LOOKING FOR

• 4+ years of experience running or contributing to a vulnerability management program at scale
• Bachelor's degree or higher, or equivalent industry experience
• 4+ years of professional software development experience (Python, Java, JavaScript, or similar), with proven ability to evaluate code quality and provide informed security guidance to engineers.
• Experience automating aspects of vulnerability management through scripting, APIs, and integration with CI/CD systems.
• Demonstrated ability to proactively improve and streamline existing processes and programs to drive continuous improvement.
• Strong understanding of application and cloud security principles, standard vulnerability classes (e.g., OWASP), secure development practices, and threat modeling.
• Proficiency with vulnerability scanning tools, dependency management, and code analysis.
• Knowledge of containerized environments (Docker, Kubernetes) and cloud platforms (AWS preferred).
• Ability to work cross-functionally with engineering, product, and operations teams to drive security initiatives forward.
• Excellent attention to detail with strong written, verbal, and interpersonal communication skills.

#LI-Remote

At EarnIn, we believe that the best way to build a financial system that works for everyday people is by hiring a team that represents our diverse community. Our team is diverse not only in background and experience but also in perspective. We celebrate our diversity and strive to create a culture of belonging. EarnIn does not unlawfully discriminate based on race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity, gender expression, national origin, ancestry, citizenship, age, physical or mental disability, legally protected medical condition, family care status, military or veteran status, marital status, registered domestic partner status, sexual orientation, genetic information, or any other basis protected by local, state, or federal laws. EarnIn is an E-Verify participant. 

EarnIn does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or HR team.