About the Role
You will play a pivotal role in securing Figure's software from the first line of code through deployment. You'll build and scale the vulnerability management program, embed secure coding practices into engineering workflows, and help ensure security standards are met at every stage of the software development lifecycle. You'll work closely with Engineering, DevOps, and IT to keep security processes resilient, scalable, and seamlessly integrated into daily workflows.
Requirements
- Strong background in reading and writing code
- Experience with CI/CD pipeline security integration
- Experience with vulnerability management programs
- Experience with threat modeling and security architecture reviews
- Experience managing third-party penetration tests
- Experience with incident response and on-call rotations
Responsibilities
- Architect design and implement end-to-end security solutions including firewalls intrusion detection encryption protocols security event management and cloud security controls
- Collaborate with DevOps to integrate security into CI/CD pipelines ensuring automation and repeatability of secure deployments
- Conduct regular security assessments threat modeling and architecture reviews to identify risks and design mitigations
- Lead cross-team initiatives that significantly improve security posture while balancing speed and innovation
- Mentor engineers on security best practices and build a culture of security by design
- Actively participate in incident response on-call rotations and post-incident reviews
- Improve and run the vulnerability management program including triage prioritization tracking remediation and reporting
- Manage third-party penetration tests including scoping vendor coordination and tracking remediation of findings
- Automate sources of toil such as routine patching or dependency upgrades
- Conduct threat modeling and security reviews for new features and services partnering with engineering teams early in the design process
- Adhere to all company security policies and data handling procedures
- Complete mandatory security awareness training within required timeframes
- Promptly report any suspected security incidents or suspicious activity to the Security team
Benefits
- Comprehensive medical dental and vision coverage with 100% employer-paid premiums for employees and dependents on select plans
- Company HSA FSA Dependent Care FSA 401(k) and commuter benefits
- Employer-paid life and disability insurance
- 11 observed holidays and PTO plan
- Up to 12 weeks of paid family leave
- Continuing education reimbursement
- Company equity in the form of RSUs