Saturday, June 25, 2022
HomeBudgetWe're Hiring a Humbly Assured Senior Safety Engineer

We’re Hiring a Humbly Assured Senior Safety Engineer

About Us and Why We’re Hiring

We construct “You Want a Funds,” the perfect budgeting software program and academic sources round. (These within the know name us YNAB, which is pronounced “why-nab.”) For greater than a decade, folks have been shopping for YNAB after which telling their buddies what a distinction it has made of their lives. Google us, or learn a few of our critiques on the app retailer, and also you’ll see what we imply. We love constructing one thing that has an enormous optimistic affect on folks’s lives.

We’ve taken the stance that it’s greatest to make safe practices and selections a sensible a part of our firm tradition from day one. Consequently, now we have numerous applications and practices in place that we’re pleased with, and you may examine a few of our public-facing ones in our safety coverage. However safety is a journey, and though now we have loads of individuals who get obsessive about safety, we’re on the level in our journey the place we wish somebody who will get to obsess about safety all day, each day. And that’s the place you, our new safety engineer, are available. You like serving to these round you make good choices round safety and are skilled in serving to construct belief and comprehension round greatest practices. You’re a vital thinker with an open thoughts, you purpose/debate with empathy, have sturdy communication abilities, and have deep respect for the ability of collaboration.

Now we have one overarching requirement with regards to becoming a member of our staff: our Core Worth Manifesto has to actually click on with you. If you happen to’re nodding emphatically whereas studying this, you’ll in all probability prefer it right here, and we are able to’t wait to attach with you!

In fact, now we have some agency* necessities too, like 5 years of expertise concerned in constructing software program, with not less than 3 years devoted to a security-focused position.

*Properly, firm-ish. If you understand you’re a terrific match for this position however fall slightly in need of the five-year requirement, we encourage you to go forward and apply. We don’t want you to be the proper candidate on paper. 

On an analogous word, we all know impostor syndrome could be a highly effective power and will discourage implausible folks from making use of. Please apply anyway. Many people right here have it too, so that you’re in good firm.

Okay, let’s discuss life at YNAB, after which we’ll go into element about what we’re in search of. 

Who You’d Be Working With

You’ll naturally work with engineers, however you’ll additionally ceaselessly work with everybody in our cross-functional product groups: Designers, Product Managers, and Buyer Assist. And since your safety suggestions will usually apply to how we work internally, you’ll work with staff in advertising and marketing, training, and operations too.

All of our staff have one factor in widespread: They’re a pleasure to work with. You gained’t discover heated arguments and raised voices right here. We save our aggressive spirit for YNAB’s exterior rivals (or the occasional spirited board/online game session), however internally we construct up our teammates and have fun their successes.

We’re all keenly conscious of our work’s affect on clients and the corporate, and we acknowledge safety and privateness are a vital a part of each position, no matter title. 

So, safety isn’t a tough promote round right here. All of us work and sleep slightly bit higher once we know the best way to architect a system that’s safe by design, and once we know that an errant click on on that attachment isn’t going to destroy the corporate. 

And when one in every of us does make a safety mistake, we’ll admit it as a result of we blame defective processes, not folks.

How You’ll Work at YNAB

We additionally work actually onerous, collectively, to make working at YNAB a tremendous expertise, and we had been (humbly) proud to be named Fortune’s #1 Greatest Small Firm to Work For the final two years. Now we have a staff of really distinctive folks—the sort you’ll be excited to work with. Right here’s how we function:

Accountability and Empowerment

YNAB appreciates, respects, and trusts the experience and judgment of our engineers. We empower them to do what they assume is correct. 

We additionally work collaboratively. We repeatedly search the correct amount of construction and unity vital to maximise productiveness. The place it is smart, we designate somebody to make a name. 

Although our individuals are proper rather a lot, it’s okay to make errors right here. Exploration and calculated dangers are important to velocity and development. We freely admit once we’re unsuitable. If one thing doesn’t go as anticipated, we be taught, bounce again, and make corrections. 

You gained’t be alone; others can be there to assist, evaluate, reassure, and again you up. We personal our processes and collective outcomes as a staff.

Reside (Virtually) Wherever You Need

We’ve at all times been a totally distant staff, and have folks all around the world. For this position, you’ll must be positioned someplace between the Pacific Time Zone (UTC-8) and the Central European Time Zone (UTC+1). For example, North America and most of Europe work effectively. Wherever you’re, simply ensure you have a dependable web connection.

No Outrageous Hours

We would like everybody to have a full life exterior of YNAB, and we seldom work greater than 40 hours per week. There have been a couple of events the place issues acquired busy and folks needed to put some further time in. However then they took some further break day, so all of it balances out. We work onerous and good, however we’re on this for the lengthy haul.

Take Trip (Severely)

We would like you to take trip. Actually, now we have a minimal trip coverage of three weeks per yr. 5 weeks feels about proper (plus two further weeks for our company-wide December break). It’s necessary to get loads of downtime and get out and do one thing. We’ll stay up for seeing footage of your adventures in our #office_wall Slack channel.

The YNAB Retreat

When the pandemic isn’t holding us from touring, we get the entire staff collectively annually to atone for spreadsheets and powerpoints in a Greatest Western convention room. Simply kidding. Up to now, we’ve accomplished Costa Rica, a gigantic cabin within the mountains, a seashore home within the Outer Banks, a ranch in Montana, and most just lately, Laguna Seaside. We do actually enjoyable issues at these retreats, however the spotlight is inevitably simply being collectively and having a blast.

Up Your Recreation

We’re critical about serving to you enhance your craft. We finances for it (hey-o!). Assume conferences, Lynda/Skillshare subscriptions, books, and devoted time away from work to be taught one thing new. We like to see our folks develop.

Worldwide is Completely Okay

Our staff is unfold throughout the globe, together with Switzerland, Mexico, Canada, Brazil, the UK, and all around the United States. We arrange staff members within the US and UK as staff, and people in different international locations as unbiased contractors. 

As talked about above, now we have a while zone restrictions for this position, however so long as you’re between UTC-8 and UTC+1, we’re good!


We provide glorious well being, dental, and imaginative and prescient insurance coverage for our US staff, the place we cowl 100% of the premium for you and your loved ones. No have to examine your imaginative and prescient, you learn that proper—100%. Though if you happen to did have to examine your imaginative and prescient, we’ve acquired you coated!

We even have a Conventional and Roth 401k possibility. YNAB matches your contributions, as much as six p.c of your paycheck. Matches vest instantly. (Are you a private finance junkie like our founder Jesse? He arrange YNAB’s 401k to have the bottom price construction potential, the place all plan prices are paid by YNAB, not your retirement nest egg. The funding funds accessible are implausible, passively-managed, ultra-low-cost index funds. Not a PF junkie? Belief us, it’s superior.) For UK staff, we additionally contribute six p.c to your pension.

We additionally provide beneficiant paid parental go away for all full-time staff members. Right here’s to rising the world’s budgeters, one little one at a time!

Aggressive Compensation

The beginning wage vary for this place is $142,000-$170,000 USD yearly, relying on expertise. We contemplate raises yearly, and have a bi-annual profit-share bonus. YNAB wins, you win—that sort of factor.

Different Tidbits

  • When you begin, we DEMAND (in a pleasant, ALL CAPS IS YELLING means) that you simply fill out your “Bucket Record” spreadsheet with 50 objects. (That’s more durable than it sounds!) 
  • The bucket record actually helps in deciding what we should always offer you in your birthday and the vacations. 
  • We’re all adults. There’s no have to punch a clock or ask for permission to take off early one afternoon to go see the physician. We have a look at what you accomplish, not how lengthy you sit (have you ever tried standing?) in entrance of a pc.
  • We’re at present trialing a four-day work week! For us, this implies 4 common days of labor adopted by a three-day weekend…each week. That is new to us, and we’re studying rather a lot, however we’re enthusiastic about what it may imply each for the corporate and our staff members. 
  • We would like you firing on all cylinders so we’ll set you up with a top-of-the-line laptop and can change it commonly.
  • Did we point out we make an enormous, optimistic distinction on this planet? 

If this seems like your excellent setting, learn on as a result of now we need to discuss you. You’ll play a giant half in constructing one thing simple and joyful to make use of that helps thousands and thousands of individuals uncover budgeting as a vital monetary and life-planning software. You will change lives

You, Our New Safety Engineer


While you learn the next record, you’re in all probability going to assume, “This sounds nice. I may actually assist in these areas,” after which a couple of bullet factors later, you’ll assume, “Wait, that is an excessive amount of for one individual,” and that’s virtually definitely true. Fortunately that is solely the primary place we’re filling for our safety staff. We’d like your assist to determine the small print, however as we be taught extra we are able to discuss rising that staff the place vital. As well as, you’ll have:

  • The popularity that simply since you’ll act as our most important guide in these areas, you gained’t essentially be the principle implementer.
  • Affordable expectations concerning timelines.
  • The expertise essential to know the place to prioritize your power first, based mostly on strong threat evaluation of threats, their probability, and their affect.
  • The authority to advocate the best way to construct out and rent our safety staff as we develop.
  • The power to assume strategically and long run, and switch that considering into tactical progress/accomplishment.

So though we’re trying to find a safety unicorn with a large depth and breadth of information, we’re not anticipating you to be a magical unicorn! 

Defend YNAB – The Product

  • Now we have skilled, security-savvy engineers, and you’ll assist guarantee they observe safe improvement practices and construct rigor round our software program improvement life cycle to make it safe. 
  • Triage incoming bugs from our ongoing Bug Bounty Program with the suitable software engineers.
  • Help and practice us in performing security-focused code critiques.
  • Make the most of your expertise in setting up techniques which might be safe by design to behave as the first safety guide for our engineers as they architect new techniques.
  • Examine intrusion/ATO makes an attempt utilizing our software monitoring stack, and advocate infrastructure enhancements to make subsequent intrusion makes an attempt simpler to determine and block.
  • Make significant suggestions for Safety Data and Occasion Administration (SIEM), and know what that will appear like for a totally distant SaaS firm.
  • Hold abreast of greatest practices and vulnerabilities to make sure that we don’t fall behind as attackers innovate.
  • Consider and Coordinate with third celebration auditors to carry out penetration checks and code audits. (And while you learn their report, you may simply distinguish between the advertising and marketing fluff and the scary stuff.)
  • Advocate automated checks to assist detect vulnerabilities earlier than we ship them.
  • Introduce safety requirements which might be enforced via sturdy documentation and empathetic steering.
  • Motive clearly about safety and product tradeoffs and stability such priorities in choices.
  • Discover bettering engineering requirements, tooling, and processes rewarding.

Defend YNAB – The Firm

  • Consider and increase our Inner Safety Insurance policies and Governance Paperwork.
  • Know the best way to discover the stability between insurance policies that make us extraordinarily safe, however paralyze the group, and lax insurance policies which might be extraordinarily environment friendly, however go away us one click on away from a business-ending ransomware assault.
  • Work with Operations/IT to:
    • Guarantee now we have configured our inside enterprise purposes accurately and securely.
    • Advocate cloud suppliers for security-sensitive operations, like id administration, account provisioning, and many others.
  • Carry out Inner Threat Assessments to assist guard in opposition to essentially the most possible safety threats our enterprise faces.
  • Consider and advocate inside safety coaching supplies which might be truly helpful.
  • Assess our current infrastructure, from bodily asset practices to community settings.
  • Reply to safety questionnaires from potential distributors.
  • Assist navigate new legislative necessities concerning knowledge privateness.
  • Establish threats and vulnerabilities in a totally distant SaaS setting.
  • Put together for potential threats that would disrupt operations.

Defend our Prospects and their Knowledge

  • We assist our clients to make safe choices by default, and you’ll assist enhance our current techniques designed to: forestall dangerous/breached passwords, encourage enabling 2FA, resist phishing and self-XSS makes an attempt, and many others. You’ll coordinate with the product and engineering groups to guage our efforts and make suggestions to enhance them.
  • Seek the advice of with our Head of Product, Head of Expertise, Operations, and attorneys to assist reply to, and doubtlessly automate our (uncommon) GDPR/CCPA requests.
  • Discipline inside and exterior safety questions concerning the remedy of delicate knowledge.
  • Hold our exterior safety and privateness insurance policies updated.

A bit extra about you:

You’ve a powerful technical background with not less than 5 years of expertise associated to constructing, transport, and securing software program. Ideally in a SaaS setting.

We acknowledge that individuals get into software program “safety” by many paths, so it’s troublesome to boil our expertise necessities right down to an ideal record of bullet factors, however you’re the individual we’re in search of if you happen to:

  • Will not be solely undaunted however excited in regards to the above record of duties and appropriately assured in your capacity to sort out most of them.
  • Are a collaborative staff participant, but in addition comfy working independently with a lot of autonomy.
  • Have sufficient expertise to be stunned to see us go away sure issues out of the above job description, and stay up for educating us.
  • Have broad sufficient abilities to have the ability to make best-practice safety suggestions for our group as a complete, whereas having deep sufficient abilities to have the ability to acknowledge and doubtlessly even exploit high OWASP vulnerabilities like SQL injections, XSS, and many others.
  • Labored on, and doubtlessly led a safety staff earlier than with a title like Utility Safety Lead or Utility Safety Engineer.
  • Are a wonderful written and verbal communicator.
  • We divorce administration experience from technical experience right here, and it is a technical position. Though you don’t need to understand how or want to handle folks, you should be extraordinarily personable and in a position to effortlessly be a liaison and champion of safety and coverage between all groups and ranges at YNAB.

Felony Data:

In case your path to the world of knowledge safety concerned “hacking”, and you’ve got a felony document in consequence, we’ll nonetheless contemplate you relying upon the circumstances. Tell us upfront so we are able to discuss it reasonably than be stunned when doing our background checks.


YNAB is an equal alternative employer. We consider a range of backgrounds, beliefs, talents, and experiences is vital to our success. We’re obsessed with making a welcoming, supportive, and collaborative setting for all staff. All are inspired to use as we proceed to develop a wise, skilled, and various staff that loves working collectively to construct one thing that issues.

Learn how to Apply

  • Apply by filling out this kind. You’ll have to log in to your Google account to entry it.
  • The deadline is 11:59 pm PT on Sunday, July 10, 2022. 
  • Our objective is to make the hiring course of as accessible as potential. If we may also help you with an accessibility want, e-mail us at  at [email protected] Remember to point out within the topic line that you simply’re making use of for the Senior Safety Engineer place. (Please word that this inbox is just monitored for messages associated to lodging.)

We’re excited to listen to from you!

P.S. If you happen to’re not on this place proper now, however know somebody who is likely to be, we’d respect you passing this alongside!



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments